diff --git a/gateway-api/src/apis/experimental/gatewayclasses.rs b/gateway-api/src/apis/experimental/gatewayclasses.rs index e7ffbec..bcbd110 100644 --- a/gateway-api/src/apis/experimental/gatewayclasses.rs +++ b/gateway-api/src/apis/experimental/gatewayclasses.rs @@ -1,6 +1,6 @@ // WARNING: generated by kopium - manual changes will be overwritten // kopium command: kopium --schema=derived --derive=JsonSchema --derive=Default --derive=PartialEq --docs -f - -// kopium version: 0.20.1 +// kopium version: 0.21.1 #[allow(unused_imports)] mod prelude { @@ -26,13 +26,10 @@ pub struct GatewayClassSpec { /// ControllerName is the name of the controller that is managing Gateways of /// this class. The value of this field MUST be a domain prefixed path. /// - /// /// Example: "example.net/gateway-controller". /// - /// /// This field is not mutable and cannot be empty. /// - /// /// Support: Core #[serde(rename = "controllerName")] pub controller_name: String, @@ -43,21 +40,19 @@ pub struct GatewayClassSpec { /// parameters corresponding to the GatewayClass. This is optional if the /// controller does not require any additional configuration. /// - /// /// ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, /// or an implementation-specific custom resource. The resource can be /// cluster-scoped or namespace-scoped. /// - /// - /// If the referent cannot be found, the GatewayClass's "InvalidParameters" - /// status condition will be true. - /// + /// If the referent cannot be found, refers to an unsupported kind, or when + /// the data within that resource is malformed, the GatewayClass SHOULD be + /// rejected with the "Accepted" status condition set to "False" and an + /// "InvalidParameters" reason. /// /// A Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified, /// the merging behavior is implementation specific. /// It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway. /// - /// /// Support: Implementation-specific #[serde( default, @@ -71,21 +66,19 @@ pub struct GatewayClassSpec { /// parameters corresponding to the GatewayClass. This is optional if the /// controller does not require any additional configuration. /// -/// /// ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, /// or an implementation-specific custom resource. The resource can be /// cluster-scoped or namespace-scoped. /// -/// -/// If the referent cannot be found, the GatewayClass's "InvalidParameters" -/// status condition will be true. -/// +/// If the referent cannot be found, refers to an unsupported kind, or when +/// the data within that resource is malformed, the GatewayClass SHOULD be +/// rejected with the "Accepted" status condition set to "False" and an +/// "InvalidParameters" reason. /// /// A Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified, /// the merging behavior is implementation specific. /// It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway. /// -/// /// Support: Implementation-specific #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GatewayClassParametersRef { @@ -104,7 +97,6 @@ pub struct GatewayClassParametersRef { /// Status defines the current state of GatewayClass. /// -/// /// Implementations MUST populate status on all GatewayClass resources which /// specify their controller name. #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] @@ -112,18 +104,24 @@ pub struct GatewayClassStatus { /// Conditions is the current status from the controller for /// this GatewayClass. /// - /// /// Controllers should prefer to publish conditions using values /// of GatewayClassConditionType for the type of each Condition. #[serde(default, skip_serializing_if = "Option::is_none")] pub conditions: Option>, /// SupportedFeatures is the set of features the GatewayClass support. - /// It MUST be sorted in ascending alphabetical order. + /// It MUST be sorted in ascending alphabetical order by the Name key. /// #[serde( default, skip_serializing_if = "Option::is_none", rename = "supportedFeatures" )] - pub supported_features: Option>, + pub supported_features: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] +pub struct GatewayClassStatusSupportedFeatures { + /// FeatureName is used to describe distinct features that are covered by + /// conformance tests. + pub name: String, } diff --git a/gateway-api/src/apis/experimental/gateways.rs b/gateway-api/src/apis/experimental/gateways.rs index 568408f..8c4312d 100644 --- a/gateway-api/src/apis/experimental/gateways.rs +++ b/gateway-api/src/apis/experimental/gateways.rs @@ -1,6 +1,6 @@ // WARNING: generated by kopium - manual changes will be overwritten // kopium command: kopium --schema=derived --derive=JsonSchema --derive=Default --derive=PartialEq --docs -f - -// kopium version: 0.20.1 +// kopium version: 0.21.1 #[allow(unused_imports)] mod prelude { @@ -30,48 +30,50 @@ pub struct GatewaySpec { /// requested address is invalid or unavailable, the implementation MUST /// indicate this in the associated entry in GatewayStatus.Addresses. /// - /// /// The Addresses field represents a request for the address(es) on the /// "outside of the Gateway", that traffic bound for this Gateway will use. /// This could be the IP address or hostname of an external load balancer or /// other networking infrastructure, or some other address that traffic will /// be sent to. /// - /// /// If no Addresses are specified, the implementation MAY schedule the /// Gateway in an implementation-specific manner, assigning an appropriate /// set of Addresses. /// - /// /// The implementation MUST bind all Listeners to every GatewayAddress that /// it assigns to the Gateway and add a corresponding entry in /// GatewayStatus.Addresses. /// - /// /// Support: Extended /// /// - /// #[serde(default, skip_serializing_if = "Option::is_none")] pub addresses: Option>, + /// BackendTLS configures TLS settings for when this Gateway is connecting to + /// backends with TLS. + /// + /// Support: Core + /// + /// + #[serde( + default, + skip_serializing_if = "Option::is_none", + rename = "backendTLS" + )] + pub backend_tls: Option, /// GatewayClassName used for this Gateway. This is the name of a /// GatewayClass resource. #[serde(rename = "gatewayClassName")] pub gateway_class_name: String, /// Infrastructure defines infrastructure level attributes about this Gateway instance. /// - /// - /// Support: Core - /// - /// - /// + /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub infrastructure: Option, /// Listeners associated with this Gateway. Listeners define /// logical endpoints that are bound on this Gateway's addresses. /// At least one Listener MUST be specified. /// - /// /// Each Listener in a set of Listeners (for example, in a single Gateway) /// MUST be _distinct_, in that a traffic flow MUST be able to be assigned to /// exactly one listener. (This section uses "set of Listeners" rather than @@ -79,42 +81,32 @@ pub struct GatewaySpec { /// from multiple Gateways onto a single data plane, and these rules _also_ /// apply in that case). /// - /// /// Practically, this means that each listener in a set MUST have a unique /// combination of Port, Protocol, and, if supported by the protocol, Hostname. /// - /// /// Some combinations of port, protocol, and TLS settings are considered /// Core support and MUST be supported by implementations based on their /// targeted conformance profile: /// - /// /// HTTP Profile /// - /// /// 1. HTTPRoute, Port: 80, Protocol: HTTP /// 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided /// - /// /// TLS Profile /// - /// /// 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough /// - /// /// "Distinct" Listeners have the following property: /// - /// /// The implementation can match inbound requests to a single distinct /// Listener. When multiple Listeners share values for fields (for /// example, two Listeners with the same Port value), the implementation /// can match requests to only one of the Listeners using other /// Listener fields. /// - /// /// For example, the following Listener scenarios are distinct: /// - /// /// 1. Multiple Listeners with the same Port that all use the "HTTP" /// Protocol that all have unique Hostname values. /// 2. Multiple Listeners with the same Port that use either the "HTTPS" or @@ -122,45 +114,37 @@ pub struct GatewaySpec { /// 3. A mixture of "TCP" and "UDP" Protocol Listeners, where no Listener /// with the same Protocol has the same Port value. /// - /// /// Some fields in the Listener struct have possible values that affect /// whether the Listener is distinct. Hostname is particularly relevant /// for HTTP or HTTPS protocols. /// - /// /// When using the Hostname value to select between same-Port, same-Protocol /// Listeners, the Hostname value must be different on each Listener for the /// Listener to be distinct. /// - /// /// When the Listeners are distinct based on Hostname, inbound request /// hostnames MUST match from the most specific to least specific Hostname /// values to choose the correct Listener and its associated set of Routes. /// - /// /// Exact matches must be processed before wildcard matches, and wildcard /// matches must be processed before fallback (empty Hostname value) /// matches. For example, `"foo.example.com"` takes precedence over /// `"*.example.com"`, and `"*.example.com"` takes precedence over `""`. /// - /// /// Additionally, if there are multiple wildcard entries, more specific /// wildcard entries must be processed before less specific wildcard entries. /// For example, `"*.foo.example.com"` takes precedence over `"*.example.com"`. /// The precise definition here is that the higher the number of dots in the /// hostname to the right of the wildcard character, the higher the precedence. /// - /// /// The wildcard character will match any number of characters _and dots_ to /// the left, however, so `"*.example.com"` will match both /// `"foo.bar.example.com"` _and_ `"bar.example.com"`. /// - /// /// If a set of Listeners contains Listeners that are not distinct, then those /// Listeners are Conflicted, and the implementation MUST set the "Conflicted" /// condition in the Listener Status to "True". /// - /// /// Implementations MAY choose to accept a Gateway with some Conflicted /// Listeners only if they only accept the partial Listener set that contains /// no Conflicted Listeners. To put this another way, implementations may @@ -170,7 +154,6 @@ pub struct GatewaySpec { /// Listener in this case, otherwise it violates the requirement that at /// least one Listener must be present. /// - /// /// The implementation MUST set a "ListenersNotValid" condition on the /// Gateway Status when the Gateway contains Conflicted Listeners whether or /// not they accept the Gateway. That Condition SHOULD clearly @@ -178,26 +161,21 @@ pub struct GatewaySpec { /// Accepted. Additionally, the Listener status for those listeners SHOULD /// indicate which Listeners are conflicted and not Accepted. /// - /// /// A Gateway's Listeners are considered "compatible" if: /// - /// /// 1. They are distinct. /// 2. The implementation can serve them in compliance with the Addresses /// requirement that all Listeners are available on all assigned /// addresses. /// - /// /// Compatible combinations in Extended support are expected to vary across /// implementations. A combination that is compatible for one implementation /// may not be compatible for another. /// - /// /// For example, an implementation that cannot serve both TCP and UDP listeners /// on the same address, or cannot mix HTTPS and generic TLS listens on the same port /// would not consider those cases compatible, even though they are distinct. /// - /// /// Note that requests SHOULD match at most one Listener. For example, if /// Listeners are defined for "foo.example.com" and "*.example.com", a /// request to "foo.example.com" SHOULD only be routed using routes attached @@ -205,11 +183,9 @@ pub struct GatewaySpec { /// This concept is known as "Listener Isolation". Implementations that do /// not support Listener Isolation MUST clearly document this. /// - /// /// Implementations MAY merge separate Gateways onto a single set of /// Addresses if all Listeners across all Gateways are compatible. /// - /// /// Support: Core pub listeners: Vec, } @@ -223,42 +199,108 @@ pub struct GatewayAddresses { /// Value of the address. The validity of the values will depend /// on the type and support by the controller. /// - /// /// Examples: `1.2.3.4`, `128::1`, `my-ip-address`. pub value: String, } -/// Infrastructure defines infrastructure level attributes about this Gateway instance. +/// BackendTLS configures TLS settings for when this Gateway is connecting to +/// backends with TLS. +/// +/// Support: Core /// /// +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] +pub struct GatewayBackendTls { + /// ClientCertificateRef is a reference to an object that contains a Client + /// Certificate and the associated private key. + /// + /// References to a resource in different namespace are invalid UNLESS there + /// is a ReferenceGrant in the target namespace that allows the certificate + /// to be attached. If a ReferenceGrant does not allow this reference, the + /// "ResolvedRefs" condition MUST be set to False for this listener with the + /// "RefNotPermitted" reason. + /// + /// ClientCertificateRef can reference to standard Kubernetes resources, i.e. + /// Secret, or implementation-specific custom resources. + /// + /// This setting can be overridden on the service level by use of BackendTLSPolicy. + /// + /// Support: Core + /// + /// + #[serde( + default, + skip_serializing_if = "Option::is_none", + rename = "clientCertificateRef" + )] + pub client_certificate_ref: Option, +} + +/// ClientCertificateRef is a reference to an object that contains a Client +/// Certificate and the associated private key. +/// +/// References to a resource in different namespace are invalid UNLESS there +/// is a ReferenceGrant in the target namespace that allows the certificate +/// to be attached. If a ReferenceGrant does not allow this reference, the +/// "ResolvedRefs" condition MUST be set to False for this listener with the +/// "RefNotPermitted" reason. +/// +/// ClientCertificateRef can reference to standard Kubernetes resources, i.e. +/// Secret, or implementation-specific custom resources. +/// +/// This setting can be overridden on the service level by use of BackendTLSPolicy. +/// /// Support: Core /// /// +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] +pub struct GatewayBackendTlsClientCertificateRef { + /// Group is the group of the referent. For example, "gateway.networking.k8s.io". + /// When unspecified or empty string, core API group is inferred. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub group: Option, + /// Kind is kind of the referent. For example "Secret". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + /// Name is the name of the referent. + pub name: String, + /// Namespace is the namespace of the referenced object. When unspecified, the local + /// namespace is inferred. + /// + /// Note that when a namespace different than the local namespace is specified, + /// a ReferenceGrant object is required in the referent namespace to allow that + /// namespace's owner to accept the reference. See the ReferenceGrant + /// documentation for details. + /// + /// Support: Core + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// Infrastructure defines infrastructure level attributes about this Gateway instance. /// +/// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GatewayInfrastructure { /// Annotations that SHOULD be applied to any resources created in response to this Gateway. /// - /// /// For implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources. /// For other implementations, this refers to any relevant (implementation specific) "annotations" concepts. /// - /// /// An implementation may chose to add additional implementation-specific annotations as they see fit. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub annotations: Option>, /// Labels that SHOULD be applied to any resources created in response to this Gateway. /// - /// /// For implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources. /// For other implementations, this refers to any relevant (implementation specific) "labels" concepts. /// - /// /// An implementation may chose to add additional implementation-specific labels as they see fit. /// + /// If an implementation maps these labels to Pods, or any other resource that would need to be recreated when labels + /// change, it SHOULD clearly warn about this behavior in documentation. /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] @@ -267,15 +309,12 @@ pub struct GatewayInfrastructure { /// parameters corresponding to the Gateway. This is optional if the /// controller does not require any additional configuration. /// - /// /// This follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis /// - /// /// The Gateway's GatewayClass may provide its own `parametersRef`. When both are specified, /// the merging behavior is implementation specific. /// It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway. /// - /// /// Support: Implementation-specific #[serde( default, @@ -289,15 +328,12 @@ pub struct GatewayInfrastructure { /// parameters corresponding to the Gateway. This is optional if the /// controller does not require any additional configuration. /// -/// /// This follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis /// -/// /// The Gateway's GatewayClass may provide its own `parametersRef`. When both are specified, /// the merging behavior is implementation specific. /// It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway. /// -/// /// Support: Implementation-specific #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GatewayInfrastructureParametersRef { @@ -317,12 +353,10 @@ pub struct GatewayListeners { /// Listener and the trusted namespaces where those Route resources MAY be /// present. /// - /// /// Although a client request may match multiple route rules, only one rule /// may ultimately receive the request. Matching precedence MUST be /// determined in order of the following criteria: /// - /// /// * The most specific match as defined by the Route type. /// * The oldest Route based on creation timestamp. For example, a Route with /// a creation timestamp of "2020-09-08 01:02:03" is given precedence over @@ -331,7 +365,6 @@ pub struct GatewayListeners { /// alphabetical order (namespace/name) should be given precedence. For /// example, foo/bar is given precedence over foo/baz. /// - /// /// All valid rules within a Route attached to this Listener should be /// implemented. Invalid Route rules can be ignored (sometimes that will mean /// the full Route). If a Route rule transitions from valid to invalid, @@ -339,7 +372,6 @@ pub struct GatewayListeners { /// example, even if a filter specified by a Route rule is invalid, the rest /// of the rules within that Route should still be supported. /// - /// /// Support: Core #[serde( default, @@ -352,11 +384,9 @@ pub struct GatewayListeners { /// field is ignored for protocols that don't require hostname based /// matching. /// - /// /// Implementations MUST apply Hostname matching appropriately for each of /// the following protocols: /// - /// /// * TLS: The Listener Hostname MUST match the SNI. /// * HTTP: The Listener Hostname MUST match the Host header of the request. /// * HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP @@ -364,52 +394,43 @@ pub struct GatewayListeners { /// ensure that both the SNI and Host header match the Listener hostname, /// it MUST clearly document that. /// - /// /// For HTTPRoute and TLSRoute resources, there is an interaction with the /// `spec.hostnames` array. When both listener and route specify hostnames, /// there MUST be an intersection between the values for a Route to be /// accepted. For more information, refer to the Route specific Hostnames /// documentation. /// - /// /// Hostnames that are prefixed with a wildcard label (`*.`) are interpreted /// as a suffix match. That means that a match for `*.example.com` would match /// both `test.example.com`, and `foo.test.example.com`, but not `example.com`. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub hostname: Option, /// Name is the name of the Listener. This name MUST be unique within a /// Gateway. /// - /// /// Support: Core pub name: String, /// Port is the network port. Multiple listeners may use the /// same port, subject to the Listener compatibility rules. /// - /// /// Support: Core pub port: i32, /// Protocol specifies the network protocol this listener expects to receive. /// - /// /// Support: Core pub protocol: String, /// TLS is the TLS configuration for the Listener. This field is required if /// the Protocol field is "HTTPS" or "TLS". It is invalid to set this field /// if the Protocol field is "HTTP", "TCP", or "UDP". /// - /// /// The association of SNIs to Certificate defined in GatewayTLSConfig is /// defined based on the Hostname field for this listener. /// - /// /// The GatewayClass MUST use the longest matching SNI out of all /// available certificates for any TLS handshake. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub tls: Option, @@ -419,12 +440,10 @@ pub struct GatewayListeners { /// Listener and the trusted namespaces where those Route resources MAY be /// present. /// -/// /// Although a client request may match multiple route rules, only one rule /// may ultimately receive the request. Matching precedence MUST be /// determined in order of the following criteria: /// -/// /// * The most specific match as defined by the Route type. /// * The oldest Route based on creation timestamp. For example, a Route with /// a creation timestamp of "2020-09-08 01:02:03" is given precedence over @@ -433,7 +452,6 @@ pub struct GatewayListeners { /// alphabetical order (namespace/name) should be given precedence. For /// example, foo/bar is given precedence over foo/baz. /// -/// /// All valid rules within a Route attached to this Listener should be /// implemented. Invalid Route rules can be ignored (sometimes that will mean /// the full Route). If a Route rule transitions from valid to invalid, @@ -441,7 +459,6 @@ pub struct GatewayListeners { /// example, even if a filter specified by a Route rule is invalid, the rest /// of the rules within that Route should still be supported. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GatewayListenersAllowedRoutes { @@ -449,21 +466,18 @@ pub struct GatewayListenersAllowedRoutes { /// to this Gateway Listener. When unspecified or empty, the kinds of Routes /// selected are determined using the Listener protocol. /// - /// /// A RouteGroupKind MUST correspond to kinds of Routes that are compatible /// with the application protocol specified in the Listener's Protocol field. /// If an implementation does not support or recognize this resource type, it /// MUST set the "ResolvedRefs" condition to False for this Listener with the /// "InvalidRouteKinds" reason. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub kinds: Option>, /// Namespaces indicates namespaces from which Routes may be attached to this /// Listener. This is restricted to the namespace of this Gateway by default. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option, @@ -482,20 +496,17 @@ pub struct GatewayListenersAllowedRoutesKinds { /// Namespaces indicates namespaces from which Routes may be attached to this /// Listener. This is restricted to the namespace of this Gateway by default. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GatewayListenersAllowedRoutesNamespaces { /// From indicates where Routes will be selected for this Gateway. Possible /// values are: /// - /// /// * All: Routes in all namespaces may be used by this Gateway. /// * Selector: Routes in namespaces selected by the selector may be used by /// this Gateway. /// * Same: Only Routes in the same namespace may be used by this Gateway. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub from: Option, @@ -503,7 +514,6 @@ pub struct GatewayListenersAllowedRoutesNamespaces { /// only Routes in Namespaces matching this Selector will be selected by this /// Gateway. This field is ignored for other values of "From". /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub selector: Option, @@ -512,7 +522,6 @@ pub struct GatewayListenersAllowedRoutesNamespaces { /// Namespaces indicates namespaces from which Routes may be attached to this /// Listener. This is restricted to the namespace of this Gateway by default. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum GatewayListenersAllowedRoutesNamespacesFrom { @@ -525,7 +534,6 @@ pub enum GatewayListenersAllowedRoutesNamespacesFrom { /// only Routes in Namespaces matching this Selector will be selected by this /// Gateway. This field is ignored for other values of "From". /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GatewayListenersAllowedRoutesNamespacesSelector { @@ -569,15 +577,12 @@ pub struct GatewayListenersAllowedRoutesNamespacesSelectorMatchExpressions { /// the Protocol field is "HTTPS" or "TLS". It is invalid to set this field /// if the Protocol field is "HTTP", "TCP", or "UDP". /// -/// /// The association of SNIs to Certificate defined in GatewayTLSConfig is /// defined based on the Hostname field for this listener. /// -/// /// The GatewayClass MUST use the longest matching SNI out of all /// available certificates for any TLS handshake. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GatewayListenersTls { @@ -586,30 +591,24 @@ pub struct GatewayListenersTls { /// establish a TLS handshake for requests that match the hostname of the /// associated listener. /// - /// /// A single CertificateRef to a Kubernetes Secret has "Core" support. /// Implementations MAY choose to support attaching multiple certificates to /// a Listener, but this behavior is implementation-specific. /// - /// /// References to a resource in different namespace are invalid UNLESS there /// is a ReferenceGrant in the target namespace that allows the certificate /// to be attached. If a ReferenceGrant does not allow this reference, the /// "ResolvedRefs" condition MUST be set to False for this listener with the /// "RefNotPermitted" reason. /// - /// /// This field is required to have at least one element when the mode is set /// to "Terminate" (default) and is optional otherwise. /// - /// /// CertificateRefs can reference to standard Kubernetes resources, i.e. /// Secret, or implementation-specific custom resources. /// - /// /// Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls /// - /// /// Support: Implementation-specific (More than one reference or other resource types) #[serde( default, @@ -623,11 +622,9 @@ pub struct GatewayListenersTls { /// that requests a user to specify the client certificate. /// The maximum depth of a certificate chain accepted in verification is Implementation specific. /// - /// /// Support: Extended /// /// - /// #[serde( default, skip_serializing_if = "Option::is_none", @@ -637,7 +634,6 @@ pub struct GatewayListenersTls { /// Mode defines the TLS behavior for the TLS session initiated by the client. /// There are two possible modes: /// - /// /// - Terminate: The TLS session between the downstream client and the /// Gateway is terminated at the Gateway. This mode requires certificates /// to be specified in some way, such as populating the certificateRefs @@ -647,7 +643,6 @@ pub struct GatewayListenersTls { /// the ClientHello message of the TLS protocol. The certificateRefs field /// is ignored in this mode. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, @@ -655,13 +650,11 @@ pub struct GatewayListenersTls { /// configuration for each implementation. For example, configuring the /// minimum TLS version or supported cipher suites. /// - /// /// A set of common keys MAY be defined by the API in the future. To avoid /// any ambiguity, implementation-specific definitions MUST use /// domain-prefixed names, such as `example.com/my-custom-option`. /// Un-prefixed names are reserved for key names defined by Gateway API. /// - /// /// Support: Implementation-specific #[serde(default, skip_serializing_if = "Option::is_none")] pub options: Option>, @@ -670,11 +663,9 @@ pub struct GatewayListenersTls { /// SecretObjectReference identifies an API object including its namespace, /// defaulting to Secret. /// -/// /// The API object must be valid in the cluster; the Group and Kind must /// be registered in the cluster for this reference to be valid. /// -/// /// References to objects with invalid Group and Kind are not valid, and must /// be rejected by the implementation, with appropriate Conditions set /// on the containing object. @@ -692,13 +683,11 @@ pub struct GatewayListenersTlsCertificateRefs { /// Namespace is the namespace of the referenced object. When unspecified, the local /// namespace is inferred. /// - /// /// Note that when a namespace different than the local namespace is specified, /// a ReferenceGrant object is required in the referent namespace to allow that /// namespace's owner to accept the reference. See the ReferenceGrant /// documentation for details. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -710,11 +699,9 @@ pub struct GatewayListenersTlsCertificateRefs { /// that requests a user to specify the client certificate. /// The maximum depth of a certificate chain accepted in verification is Implementation specific. /// -/// /// Support: Extended /// /// -/// #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GatewayListenersTlsFrontendValidation { /// CACertificateRefs contains one or more references to @@ -722,21 +709,17 @@ pub struct GatewayListenersTlsFrontendValidation { /// the Certificate Authorities that can be used /// as a trust anchor to validate the certificates presented by the client. /// - /// /// A single CA certificate reference to a Kubernetes ConfigMap /// has "Core" support. /// Implementations MAY choose to support attaching multiple CA certificates to /// a Listener, but this behavior is implementation-specific. /// - /// /// Support: Core - A single reference to a Kubernetes ConfigMap /// with the CA certificate in a key named `ca.crt`. /// - /// /// Support: Implementation-specific (More than one reference, or other kinds /// of resources). /// - /// /// References to a resource in a different namespace are invalid UNLESS there /// is a ReferenceGrant in the target namespace that allows the certificate /// to be attached. If a ReferenceGrant does not allow this reference, the @@ -752,11 +735,9 @@ pub struct GatewayListenersTlsFrontendValidation { /// ObjectReference identifies an API object including its namespace. /// -/// /// The API object must be valid in the cluster; the Group and Kind must /// be registered in the cluster for this reference to be valid. /// -/// /// References to objects with invalid Group and Kind are not valid, and must /// be rejected by the implementation, with appropriate Conditions set /// on the containing object. @@ -772,13 +753,11 @@ pub struct GatewayListenersTlsFrontendValidationCaCertificateRefs { /// Namespace is the namespace of the referenced object. When unspecified, the local /// namespace is inferred. /// - /// /// Note that when a namespace different than the local namespace is specified, /// a ReferenceGrant object is required in the referent namespace to allow that /// namespace's owner to accept the reference. See the ReferenceGrant /// documentation for details. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -788,15 +767,12 @@ pub struct GatewayListenersTlsFrontendValidationCaCertificateRefs { /// the Protocol field is "HTTPS" or "TLS". It is invalid to set this field /// if the Protocol field is "HTTP", "TCP", or "UDP". /// -/// /// The association of SNIs to Certificate defined in GatewayTLSConfig is /// defined based on the Hostname field for this listener. /// -/// /// The GatewayClass MUST use the longest matching SNI out of all /// available certificates for any TLS handshake. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum GatewayListenersTlsMode { @@ -810,31 +786,25 @@ pub struct GatewayStatus { /// Addresses lists the network addresses that have been bound to the /// Gateway. /// - /// /// This list may differ from the addresses provided in the spec under some /// conditions: /// - /// /// * no addresses are specified, all addresses are dynamically assigned /// * a combination of specified and dynamic addresses are assigned /// * a specified address was unusable (e.g. already in use) /// /// - /// #[serde(default, skip_serializing_if = "Option::is_none")] pub addresses: Option>, /// Conditions describe the current conditions of the Gateway. /// - /// /// Implementations should prefer to express Gateway conditions /// using the `GatewayConditionType` and `GatewayConditionReason` /// constants so that operators and tools can converge on a common /// vocabulary to describe Gateway state. /// - /// /// Known condition types are: /// - /// /// * "Accepted" /// * "Programmed" /// * "Ready" @@ -854,7 +824,6 @@ pub struct GatewayStatusAddresses { /// Value of the address. The validity of the values will depend /// on the type and support by the controller. /// - /// /// Examples: `1.2.3.4`, `128::1`, `my-ip-address`. pub value: String, } @@ -865,7 +834,6 @@ pub struct GatewayStatusListeners { /// AttachedRoutes represents the total number of Routes that have been /// successfully attached to this Listener. /// - /// /// Successful attachment of a Route to a Listener is based solely on the /// combination of the AllowedRoutes field on the corresponding Listener /// and the Route's ParentRefs field. A Route is successfully attached to @@ -878,7 +846,6 @@ pub struct GatewayStatusListeners { /// for Listeners with condition Accepted: false and MUST count successfully /// attached Routes that may themselves have Accepted: false conditions. /// - /// /// Uses for this field include troubleshooting Route attachment and /// measuring blast radius/impact of changes to a Listener. #[serde(rename = "attachedRoutes")] @@ -891,7 +858,6 @@ pub struct GatewayStatusListeners { /// listener. This MUST represent the kinds an implementation supports for /// that Listener configuration. /// - /// /// If kinds are specified in Spec that are not supported, they MUST NOT /// appear in this list and an implementation MUST set the "ResolvedRefs" /// condition to "False" with the "InvalidRouteKinds" reason. If both valid diff --git a/gateway-api/src/apis/experimental/grpcroutes.rs b/gateway-api/src/apis/experimental/grpcroutes.rs index 0bc5c07..45e5811 100644 --- a/gateway-api/src/apis/experimental/grpcroutes.rs +++ b/gateway-api/src/apis/experimental/grpcroutes.rs @@ -1,6 +1,6 @@ // WARNING: generated by kopium - manual changes will be overwritten // kopium command: kopium --schema=derived --derive=JsonSchema --derive=Default --derive=PartialEq --docs -f - -// kopium version: 0.20.1 +// kopium version: 0.21.1 #[allow(unused_imports)] mod prelude { @@ -28,17 +28,14 @@ pub struct GRPCRouteSpec { /// Host header to select a GRPCRoute to process the request. This matches /// the RFC 1123 definition of a hostname with 2 notable exceptions: /// - /// /// 1. IPs are not allowed. /// 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard /// label MUST appear by itself as the first label. /// - /// /// If a hostname is specified by both the Listener and GRPCRoute, there /// MUST be at least one intersecting hostname for the GRPCRoute to be /// attached to the Listener. For example: /// - /// /// * A Listener with `test.example.com` as the hostname matches GRPCRoutes /// that have either not specified any hostnames, or have specified at /// least one of `test.example.com` or `*.example.com`. @@ -48,41 +45,34 @@ pub struct GRPCRouteSpec { /// `test.example.com` and `*.example.com` would both match. On the other /// hand, `example.com` and `test.example.net` would not match. /// - /// /// Hostnames that are prefixed with a wildcard label (`*.`) are interpreted /// as a suffix match. That means that a match for `*.example.com` would match /// both `test.example.com`, and `foo.test.example.com`, but not `example.com`. /// - /// /// If both the Listener and GRPCRoute have specified hostnames, any /// GRPCRoute hostnames that do not match the Listener hostname MUST be /// ignored. For example, if a Listener specified `*.example.com`, and the /// GRPCRoute specified `test.example.com` and `test.example.net`, /// `test.example.net` MUST NOT be considered for a match. /// - /// /// If both the Listener and GRPCRoute have specified hostnames, and none /// match with the criteria above, then the GRPCRoute MUST NOT be accepted by /// the implementation. The implementation MUST raise an 'Accepted' Condition /// with a status of `False` in the corresponding RouteParentStatus. /// - /// /// If a Route (A) of type HTTPRoute or GRPCRoute is attached to a /// Listener and that listener already has another Route (B) of the other /// type attached and the intersection of the hostnames of A and B is /// non-empty, then the implementation MUST accept exactly one of these two /// routes, determined by the following criteria, in order: /// - /// /// * The oldest Route based on creation timestamp. /// * The Route appearing first in alphabetical order by /// "{namespace}/{name}". /// - /// /// The rejected Route MUST raise an 'Accepted' condition with a status of /// 'False' in the corresponding RouteParentStatus. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub hostnames: Option>, @@ -97,21 +87,16 @@ pub struct GRPCRouteSpec { /// create a "producer" route for a Service in a different namespace from the /// Route. /// - /// /// There are two kinds of parent resources with "Core" support: /// - /// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// - /// /// This API may be extended in the future to support additional kinds of parent /// resources. /// - /// /// ParentRefs must be _distinct_. This means either that: /// - /// /// * They select different objects. If this is the case, then parentRef /// entries are distinct. In terms of fields, this means that the /// multi-part key defined by `group`, `kind`, `namespace`, and `name` must @@ -121,10 +106,8 @@ pub struct GRPCRouteSpec { /// optional fields to different values. If one ParentRef sets a /// combination of optional fields, all must set the same combination. /// - /// /// Some examples: /// - /// /// * If one ParentRef sets `sectionName`, all ParentRefs referencing the /// same object must also set `sectionName`. /// * If one ParentRef sets `port`, all ParentRefs referencing the same @@ -132,14 +115,12 @@ pub struct GRPCRouteSpec { /// * If one ParentRef sets `sectionName` and `port`, all ParentRefs /// referencing the same object must also set `sectionName` and `port`. /// - /// /// It is possible to separately reference multiple distinct objects that may /// be collapsed by an implementation. For example, some implementations may /// choose to merge compatible Gateway Listeners together. If that is the /// case, the list of routes attached to those resources should also be /// merged. /// - /// /// Note that for ParentRefs that cross namespace boundaries, there are specific /// rules. Cross-namespace references are only valid if they are explicitly /// allowed by something in the namespace they are referring to. For example, @@ -147,12 +128,10 @@ pub struct GRPCRouteSpec { /// generic way to enable other kinds of cross-namespace reference. /// /// - /// /// ParentRefs from a Route to a Service in the same namespace are "producer" /// routes, which apply default routing rules to inbound connections from /// any namespace to the Service. /// - /// /// ParentRefs from a Route to a Service in a different namespace are /// "consumer" routes, and these routing rules are only applied to outbound /// connections originating from the same namespace as the Route, for which @@ -164,7 +143,6 @@ pub struct GRPCRouteSpec { /// /// /// - /// #[serde( default, skip_serializing_if = "Option::is_none", @@ -172,6 +150,8 @@ pub struct GRPCRouteSpec { )] pub parent_refs: Option>, /// Rules are a list of GRPC matchers, filters and actions. + /// + /// #[serde(default, skip_serializing_if = "Option::is_none")] pub rules: Option>, } @@ -180,15 +160,12 @@ pub struct GRPCRouteSpec { /// a parent of this resource (usually a route). There are two kinds of parent resources /// with "Core" support: /// -/// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// -/// /// This API may be extended in the future to support additional kinds of parent /// resources. /// -/// /// The API object must be valid in the cluster; the Group and Kind must /// be registered in the cluster for this reference to be valid. #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] @@ -198,32 +175,26 @@ pub struct GRPCRouteParentRefs { /// To set the core API group (such as for a "Service" kind referent), /// Group must be explicitly set to "" (empty string). /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// Kind is kind of the referent. /// - /// /// There are two kinds of parent resources with "Core" support: /// - /// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// - /// /// Support for other resources is Implementation-Specific. #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, /// Name is the name of the referent. /// - /// /// Support: Core pub name: String, /// Namespace is the namespace of the referent. When unspecified, this refers /// to the local namespace of the Route. /// - /// /// Note that there are specific rules for ParentRefs which cross namespace /// boundaries. Cross-namespace references are only valid if they are explicitly /// allowed by something in the namespace they are referring to. For example: @@ -231,12 +202,10 @@ pub struct GRPCRouteParentRefs { /// generic way to enable any other kind of cross-namespace reference. /// /// - /// /// ParentRefs from a Route to a Service in the same namespace are "producer" /// routes, which apply default routing rules to inbound connections from /// any namespace to the Service. /// - /// /// ParentRefs from a Route to a Service in a different namespace are /// "consumer" routes, and these routing rules are only applied to outbound /// connections originating from the same namespace as the Route, for which @@ -244,14 +213,12 @@ pub struct GRPCRouteParentRefs { /// ParentRef of the Route. /// /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Port is the network port this Route targets. It can be interpreted /// differently based on the type of parent resource. /// - /// /// When the parent resource is a Gateway, this targets all listeners /// listening on the specified port that also support this kind of Route(and /// select this Route). It's not recommended to set `Port` unless the @@ -261,18 +228,15 @@ pub struct GRPCRouteParentRefs { /// must match both specified values. /// /// - /// /// When the parent resource is a Service, this targets a specific port in the /// Service spec. When both Port (experimental) and SectionName are specified, /// the name and port of the selected port must match both specified values. /// /// - /// /// Implementations MAY choose to support other parent resources. /// Implementations supporting other types of parent resources MUST clearly /// document how/if Port is interpreted. /// - /// /// For the purpose of status, an attachment is considered successful as /// long as the parent resource accepts it partially. For example, Gateway /// listeners can restrict which Routes can attach to them by Route kind, @@ -281,14 +245,12 @@ pub struct GRPCRouteParentRefs { /// attached. If no Gateway listeners accept attachment from this Route, /// the Route MUST be considered detached from the Gateway. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// SectionName is the name of a section within the target resource. In the /// following resources, SectionName is interpreted as the following: /// - /// /// * Gateway: Listener name. When both Port (experimental) and SectionName /// are specified, the name and port of the selected listener must match /// both specified values. @@ -296,12 +258,10 @@ pub struct GRPCRouteParentRefs { /// are specified, the name and port of the selected listener must match /// both specified values. /// - /// /// Implementations MAY choose to support attaching Routes to other resources. /// If that is the case, they MUST clearly document how SectionName is /// interpreted. /// - /// /// When unspecified (empty string), this will reference the entire resource. /// For the purpose of status, an attachment is considered successful if at /// least one section in the parent resource accepts it. For example, Gateway @@ -311,7 +271,6 @@ pub struct GRPCRouteParentRefs { /// attached. If no Gateway listeners accept attachment from this Route, the /// Route MUST be considered detached from the Gateway. /// - /// /// Support: Core #[serde( default, @@ -329,38 +288,30 @@ pub struct GRPCRouteRules { /// BackendRefs defines the backend(s) where matching requests should be /// sent. /// - /// /// Failure behavior here depends on how many BackendRefs are specified and /// how many are invalid. /// - /// /// If *all* entries in BackendRefs are invalid, and there are also no filters /// specified in this route rule, *all* traffic which matches this rule MUST /// receive an `UNAVAILABLE` status. /// - /// /// See the GRPCBackendRef definition for the rules about what makes a single /// GRPCBackendRef invalid. /// - /// /// When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for /// requests that would have otherwise been routed to an invalid backend. If /// multiple backends are specified, and some are invalid, the proportion of /// requests that would otherwise have been routed to an invalid backend /// MUST receive an `UNAVAILABLE` status. /// - /// /// For example, if two backends are specified with equal weights, and one is /// invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. /// Implementations may choose how that 50 percent is determined. /// - /// /// Support: Core for Kubernetes Service /// - /// /// Support: Implementation-specific for any other resource /// - /// /// Support for weight: Core #[serde( default, @@ -371,32 +322,26 @@ pub struct GRPCRouteRules { /// Filters define the filters that are applied to requests that match /// this rule. /// - /// /// The effects of ordering of multiple behaviors are currently unspecified. /// This can change in the future based on feedback during the alpha stage. /// - /// /// Conformance-levels at this level are defined based on the type of filter: /// - /// /// - ALL core filters MUST be supported by all implementations that support /// GRPCRoute. /// - Implementers are encouraged to support extended filters. /// - Implementation-specific custom filters have no API guarantees across /// implementations. /// - /// /// Specifying the same filter multiple times is not supported unless explicitly /// indicated in the filter. /// - /// /// If an implementation can not support a combination of filters, it must clearly /// document that limitation. In cases where incompatible or unsupported /// filters are specified and cause the `Accepted` condition to be set to status /// `False`, implementations may use the `IncompatibleFilters` reason to specify /// this configuration error. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub filters: Option>, @@ -404,11 +349,9 @@ pub struct GRPCRouteRules { /// gRPC requests. Each match is independent, i.e. this rule will be matched /// if **any** one of the matches is satisfied. /// - /// /// For example, take the following matches configuration: /// - /// - /// ``` + /// ```text /// matches: /// - method: /// service: foo.bar @@ -419,57 +362,52 @@ pub struct GRPCRouteRules { /// service: foo.bar.v2 /// ``` /// - /// /// For a request to match against this rule, it MUST satisfy /// EITHER of the two conditions: /// - /// /// - service of foo.bar AND contains the header `version: 2` /// - service of foo.bar.v2 /// - /// /// See the documentation for GRPCRouteMatch on how to specify multiple /// match conditions to be ANDed together. /// - /// /// If no matches are specified, the implementation MUST match every gRPC request. /// - /// /// Proxy or Load Balancer routing configuration generated from GRPCRoutes /// MUST prioritize rules based on the following criteria, continuing on /// ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. /// Precedence MUST be given to the rule with the largest number of: /// - /// /// * Characters in a matching non-wildcard hostname. /// * Characters in a matching hostname. /// * Characters in a matching service. /// * Characters in a matching method. /// * Header matches. /// - /// /// If ties still exist across multiple Routes, matching precedence MUST be /// determined in order of the following criteria, continuing on ties: /// - /// /// * The oldest Route based on creation timestamp. /// * The Route appearing first in alphabetical order by /// "{namespace}/{name}". /// - /// /// If ties still exist within the Route that has been given precedence, /// matching precedence MUST be granted to the first matching rule meeting /// the above criteria. #[serde(default, skip_serializing_if = "Option::is_none")] pub matches: Option>, + /// Name is the name of the route rule. This name MUST be unique within a Route if it is set. + /// + /// Support: Extended + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, /// SessionPersistence defines and configures session persistence /// for the route rule. /// - /// /// Support: Extended /// /// - /// #[serde( default, skip_serializing_if = "Option::is_none", @@ -480,41 +418,33 @@ pub struct GRPCRouteRules { /// GRPCBackendRef defines how a GRPCRoute forwards a gRPC request. /// -/// /// Note that when a namespace different than the local namespace is specified, a /// ReferenceGrant object is required in the referent namespace to allow that /// namespace's owner to accept the reference. See the ReferenceGrant /// documentation for details. /// -/// /// /// -/// /// When the BackendRef points to a Kubernetes Service, implementations SHOULD /// honor the appProtocol field if it is set for the target Service Port. /// -/// /// Implementations supporting appProtocol SHOULD recognize the Kubernetes /// Standard Application Protocols defined in KEP-3726. /// -/// /// If a Service appProtocol isn't specified, an implementation MAY infer the /// backend protocol through its own means. Implementations MAY infer the /// protocol from the Route type referring to the backend Service. /// -/// /// If a Route is not able to send traffic to the backend using the specified /// protocol then the backend is considered invalid. Implementations MUST set the /// "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason. /// -/// /// #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GRPCRouteRulesBackendRefs { /// Filters defined at this level MUST be executed if and only if the /// request is being forwarded to the backend defined here. /// - /// /// Support: Implementation-specific (For broader support of filters, use the /// Filters field in GRPCRouteRule.) #[serde(default, skip_serializing_if = "Option::is_none")] @@ -526,20 +456,16 @@ pub struct GRPCRouteRulesBackendRefs { /// Kind is the Kubernetes resource kind of the referent. For example /// "Service". /// - /// /// Defaults to "Service" when not specified. /// - /// /// ExternalName services can refer to CNAME DNS records that may live /// outside of the cluster and as such are difficult to reason about in /// terms of conformance. They also may not be safe to forward to (see /// CVE-2021-25740 for more information). Implementations SHOULD NOT /// support ExternalName Services. /// - /// /// Support: Core (Services with a type other than ExternalName) /// - /// /// Support: Implementation-specific (Services with type ExternalName) #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, @@ -548,13 +474,11 @@ pub struct GRPCRouteRulesBackendRefs { /// Namespace is the namespace of the backend. When unspecified, the local /// namespace is inferred. /// - /// /// Note that when a namespace different than the local namespace is specified, /// a ReferenceGrant object is required in the referent namespace to allow that /// namespace's owner to accept the reference. See the ReferenceGrant /// documentation for details. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -572,13 +496,11 @@ pub struct GRPCRouteRulesBackendRefs { /// implementation supports. Weight is not a percentage and the sum of /// weights does not need to equal 100. /// - /// /// If only one backend is specified and it has a weight greater than 0, 100% /// of the traffic is forwarded to that backend. If weight is set to 0, no /// traffic should be forwarded for this entry. If unspecified, weight /// defaults to 1. /// - /// /// Support for this field varies based on the context where used. #[serde(default, skip_serializing_if = "Option::is_none")] pub weight: Option, @@ -597,10 +519,8 @@ pub struct GRPCRouteRulesBackendRefsFilters { /// "networking.example.net"). ExtensionRef MUST NOT be used for core and /// extended filters. /// - /// /// Support: Implementation-specific /// - /// /// This filter can be used multiple times within the same rule. #[serde( default, @@ -611,7 +531,6 @@ pub struct GRPCRouteRulesBackendRefsFilters { /// RequestHeaderModifier defines a schema for a filter that modifies request /// headers. /// - /// /// Support: Core #[serde( default, @@ -623,13 +542,13 @@ pub struct GRPCRouteRulesBackendRefsFilters { /// Requests are sent to the specified destination, but responses from /// that destination are ignored. /// - /// /// This filter can be used multiple times within the same rule. Note that /// not all implementations will be able to support mirroring to multiple /// backends. /// - /// /// Support: Extended + /// + /// #[serde( default, skip_serializing_if = "Option::is_none", @@ -639,7 +558,6 @@ pub struct GRPCRouteRulesBackendRefsFilters { /// ResponseHeaderModifier defines a schema for a filter that modifies response /// headers. /// - /// /// Support: Extended #[serde( default, @@ -650,17 +568,14 @@ pub struct GRPCRouteRulesBackendRefsFilters { /// Type identifies the type of filter to apply. As with other API fields, /// types are classified into three conformance levels: /// - /// /// - Core: Filter types and their corresponding configuration defined by /// "Support: Core" in this package, e.g. "RequestHeaderModifier". All /// implementations supporting GRPCRoute MUST support core filters. /// - /// /// - Extended: Filter types and their corresponding configuration defined by /// "Support: Extended" in this package, e.g. "RequestMirror". Implementers /// are encouraged to support extended filters. /// - /// /// - Implementation-specific: Filters that are defined and supported by specific vendors. /// In the future, filters showing convergence in behavior across multiple /// implementations will be considered for inclusion in extended or core @@ -668,17 +583,14 @@ pub struct GRPCRouteRulesBackendRefsFilters { /// is specified using the ExtensionRef field. `Type` MUST be set to /// "ExtensionRef" for custom filters. /// - /// /// Implementers are encouraged to define custom implementation types to /// extend the core API with implementation-specific behavior. /// - /// /// If a reference to a custom filter type cannot be resolved, the filter /// MUST NOT be skipped. Instead, requests that would have been processed by /// that filter MUST receive a HTTP error response. /// /// - /// #[serde(rename = "type")] pub r#type: GRPCRouteRulesBackendRefsFiltersType, } @@ -688,10 +600,8 @@ pub struct GRPCRouteRulesBackendRefsFilters { /// "networking.example.net"). ExtensionRef MUST NOT be used for core and /// extended filters. /// -/// /// Support: Implementation-specific /// -/// /// This filter can be used multiple times within the same rule. #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GRPCRouteRulesBackendRefsFiltersExtensionRef { @@ -707,7 +617,6 @@ pub struct GRPCRouteRulesBackendRefsFiltersExtensionRef { /// RequestHeaderModifier defines a schema for a filter that modifies request /// headers. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GRPCRouteRulesBackendRefsFiltersRequestHeaderModifier { @@ -715,18 +624,15 @@ pub struct GRPCRouteRulesBackendRefsFiltersRequestHeaderModifier { /// before the action. It appends to any existing values associated /// with the header name. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// add: /// - name: "my-header" /// value: "bar,baz" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: foo,bar,baz @@ -737,18 +643,15 @@ pub struct GRPCRouteRulesBackendRefsFiltersRequestHeaderModifier { /// names are case-insensitive (see /// https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header1: foo /// my-header2: bar /// my-header3: baz /// - /// /// Config: /// remove: ["my-header1", "my-header3"] /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header2: bar @@ -757,18 +660,15 @@ pub struct GRPCRouteRulesBackendRefsFiltersRequestHeaderModifier { /// Set overwrites the request with the given header (name, value) /// before the action. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// set: /// - name: "my-header" /// value: "bar" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: bar @@ -782,7 +682,6 @@ pub struct GRPCRouteRulesBackendRefsFiltersRequestHeaderModifierAdd { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -799,7 +698,6 @@ pub struct GRPCRouteRulesBackendRefsFiltersRequestHeaderModifierSet { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -814,76 +712,83 @@ pub struct GRPCRouteRulesBackendRefsFiltersRequestHeaderModifierSet { /// Requests are sent to the specified destination, but responses from /// that destination are ignored. /// -/// /// This filter can be used multiple times within the same rule. Note that /// not all implementations will be able to support mirroring to multiple /// backends. /// -/// /// Support: Extended +/// +/// #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GRPCRouteRulesBackendRefsFiltersRequestMirror { /// BackendRef references a resource where mirrored requests are sent. /// - /// /// Mirrored requests must be sent only to a single destination endpoint /// within this BackendRef, irrespective of how many endpoints are present /// within this BackendRef. /// - /// /// If the referent cannot be found, this BackendRef is invalid and must be /// dropped from the Gateway. The controller must ensure the "ResolvedRefs" /// condition on the Route status is set to `status: False` and not configure /// this backend in the underlying implementation. /// - /// /// If there is a cross-namespace reference to an *existing* object /// that is not allowed by a ReferenceGrant, the controller must ensure the /// "ResolvedRefs" condition on the Route is set to `status: False`, /// with the "RefNotPermitted" reason and not configure this backend in the /// underlying implementation. /// - /// /// In either error case, the Message of the `ResolvedRefs` Condition /// should be used to provide more detail about the problem. /// - /// /// Support: Extended for Kubernetes Service /// - /// /// Support: Implementation-specific for any other resource #[serde(rename = "backendRef")] pub backend_ref: GRPCRouteRulesBackendRefsFiltersRequestMirrorBackendRef, + /// Fraction represents the fraction of requests that should be + /// mirrored to BackendRef. + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub fraction: Option, + /// Percent represents the percentage of requests that should be + /// mirrored to BackendRef. Its minimum value is 0 (indicating 0% of + /// requests) and its maximum value is 100 (indicating 100% of requests). + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub percent: Option, } /// BackendRef references a resource where mirrored requests are sent. /// -/// /// Mirrored requests must be sent only to a single destination endpoint /// within this BackendRef, irrespective of how many endpoints are present /// within this BackendRef. /// -/// /// If the referent cannot be found, this BackendRef is invalid and must be /// dropped from the Gateway. The controller must ensure the "ResolvedRefs" /// condition on the Route status is set to `status: False` and not configure /// this backend in the underlying implementation. /// -/// /// If there is a cross-namespace reference to an *existing* object /// that is not allowed by a ReferenceGrant, the controller must ensure the /// "ResolvedRefs" condition on the Route is set to `status: False`, /// with the "RefNotPermitted" reason and not configure this backend in the /// underlying implementation. /// -/// /// In either error case, the Message of the `ResolvedRefs` Condition /// should be used to provide more detail about the problem. /// -/// /// Support: Extended for Kubernetes Service /// -/// /// Support: Implementation-specific for any other resource #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GRPCRouteRulesBackendRefsFiltersRequestMirrorBackendRef { @@ -894,20 +799,16 @@ pub struct GRPCRouteRulesBackendRefsFiltersRequestMirrorBackendRef { /// Kind is the Kubernetes resource kind of the referent. For example /// "Service". /// - /// /// Defaults to "Service" when not specified. /// - /// /// ExternalName services can refer to CNAME DNS records that may live /// outside of the cluster and as such are difficult to reason about in /// terms of conformance. They also may not be safe to forward to (see /// CVE-2021-25740 for more information). Implementations SHOULD NOT /// support ExternalName Services. /// - /// /// Support: Core (Services with a type other than ExternalName) /// - /// /// Support: Implementation-specific (Services with type ExternalName) #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, @@ -916,13 +817,11 @@ pub struct GRPCRouteRulesBackendRefsFiltersRequestMirrorBackendRef { /// Namespace is the namespace of the backend. When unspecified, the local /// namespace is inferred. /// - /// /// Note that when a namespace different than the local namespace is specified, /// a ReferenceGrant object is required in the referent namespace to allow that /// namespace's owner to accept the reference. See the ReferenceGrant /// documentation for details. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -935,10 +834,23 @@ pub struct GRPCRouteRulesBackendRefsFiltersRequestMirrorBackendRef { pub port: Option, } +/// Fraction represents the fraction of requests that should be +/// mirrored to BackendRef. +/// +/// Only one of Fraction or Percent may be specified. If neither field +/// is specified, 100% of requests will be mirrored. +/// +/// +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] +pub struct GRPCRouteRulesBackendRefsFiltersRequestMirrorFraction { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub denominator: Option, + pub numerator: i32, +} + /// ResponseHeaderModifier defines a schema for a filter that modifies response /// headers. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GRPCRouteRulesBackendRefsFiltersResponseHeaderModifier { @@ -946,18 +858,15 @@ pub struct GRPCRouteRulesBackendRefsFiltersResponseHeaderModifier { /// before the action. It appends to any existing values associated /// with the header name. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// add: /// - name: "my-header" /// value: "bar,baz" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: foo,bar,baz @@ -968,18 +877,15 @@ pub struct GRPCRouteRulesBackendRefsFiltersResponseHeaderModifier { /// names are case-insensitive (see /// https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header1: foo /// my-header2: bar /// my-header3: baz /// - /// /// Config: /// remove: ["my-header1", "my-header3"] /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header2: bar @@ -988,18 +894,15 @@ pub struct GRPCRouteRulesBackendRefsFiltersResponseHeaderModifier { /// Set overwrites the request with the given header (name, value) /// before the action. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// set: /// - name: "my-header" /// value: "bar" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: bar @@ -1013,7 +916,6 @@ pub struct GRPCRouteRulesBackendRefsFiltersResponseHeaderModifierAdd { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -1030,7 +932,6 @@ pub struct GRPCRouteRulesBackendRefsFiltersResponseHeaderModifierSet { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -1068,10 +969,8 @@ pub struct GRPCRouteRulesFilters { /// "networking.example.net"). ExtensionRef MUST NOT be used for core and /// extended filters. /// - /// /// Support: Implementation-specific /// - /// /// This filter can be used multiple times within the same rule. #[serde( default, @@ -1082,7 +981,6 @@ pub struct GRPCRouteRulesFilters { /// RequestHeaderModifier defines a schema for a filter that modifies request /// headers. /// - /// /// Support: Core #[serde( default, @@ -1094,13 +992,13 @@ pub struct GRPCRouteRulesFilters { /// Requests are sent to the specified destination, but responses from /// that destination are ignored. /// - /// /// This filter can be used multiple times within the same rule. Note that /// not all implementations will be able to support mirroring to multiple /// backends. /// - /// /// Support: Extended + /// + /// #[serde( default, skip_serializing_if = "Option::is_none", @@ -1110,7 +1008,6 @@ pub struct GRPCRouteRulesFilters { /// ResponseHeaderModifier defines a schema for a filter that modifies response /// headers. /// - /// /// Support: Extended #[serde( default, @@ -1121,17 +1018,14 @@ pub struct GRPCRouteRulesFilters { /// Type identifies the type of filter to apply. As with other API fields, /// types are classified into three conformance levels: /// - /// /// - Core: Filter types and their corresponding configuration defined by /// "Support: Core" in this package, e.g. "RequestHeaderModifier". All /// implementations supporting GRPCRoute MUST support core filters. /// - /// /// - Extended: Filter types and their corresponding configuration defined by /// "Support: Extended" in this package, e.g. "RequestMirror". Implementers /// are encouraged to support extended filters. /// - /// /// - Implementation-specific: Filters that are defined and supported by specific vendors. /// In the future, filters showing convergence in behavior across multiple /// implementations will be considered for inclusion in extended or core @@ -1139,17 +1033,14 @@ pub struct GRPCRouteRulesFilters { /// is specified using the ExtensionRef field. `Type` MUST be set to /// "ExtensionRef" for custom filters. /// - /// /// Implementers are encouraged to define custom implementation types to /// extend the core API with implementation-specific behavior. /// - /// /// If a reference to a custom filter type cannot be resolved, the filter /// MUST NOT be skipped. Instead, requests that would have been processed by /// that filter MUST receive a HTTP error response. /// /// - /// #[serde(rename = "type")] pub r#type: GRPCRouteRulesFiltersType, } @@ -1159,10 +1050,8 @@ pub struct GRPCRouteRulesFilters { /// "networking.example.net"). ExtensionRef MUST NOT be used for core and /// extended filters. /// -/// /// Support: Implementation-specific /// -/// /// This filter can be used multiple times within the same rule. #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GRPCRouteRulesFiltersExtensionRef { @@ -1178,7 +1067,6 @@ pub struct GRPCRouteRulesFiltersExtensionRef { /// RequestHeaderModifier defines a schema for a filter that modifies request /// headers. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GRPCRouteRulesFiltersRequestHeaderModifier { @@ -1186,18 +1074,15 @@ pub struct GRPCRouteRulesFiltersRequestHeaderModifier { /// before the action. It appends to any existing values associated /// with the header name. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// add: /// - name: "my-header" /// value: "bar,baz" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: foo,bar,baz @@ -1208,18 +1093,15 @@ pub struct GRPCRouteRulesFiltersRequestHeaderModifier { /// names are case-insensitive (see /// https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header1: foo /// my-header2: bar /// my-header3: baz /// - /// /// Config: /// remove: ["my-header1", "my-header3"] /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header2: bar @@ -1228,18 +1110,15 @@ pub struct GRPCRouteRulesFiltersRequestHeaderModifier { /// Set overwrites the request with the given header (name, value) /// before the action. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// set: /// - name: "my-header" /// value: "bar" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: bar @@ -1253,7 +1132,6 @@ pub struct GRPCRouteRulesFiltersRequestHeaderModifierAdd { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -1270,7 +1148,6 @@ pub struct GRPCRouteRulesFiltersRequestHeaderModifierSet { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -1285,76 +1162,83 @@ pub struct GRPCRouteRulesFiltersRequestHeaderModifierSet { /// Requests are sent to the specified destination, but responses from /// that destination are ignored. /// -/// /// This filter can be used multiple times within the same rule. Note that /// not all implementations will be able to support mirroring to multiple /// backends. /// -/// /// Support: Extended +/// +/// #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GRPCRouteRulesFiltersRequestMirror { /// BackendRef references a resource where mirrored requests are sent. /// - /// /// Mirrored requests must be sent only to a single destination endpoint /// within this BackendRef, irrespective of how many endpoints are present /// within this BackendRef. /// - /// /// If the referent cannot be found, this BackendRef is invalid and must be /// dropped from the Gateway. The controller must ensure the "ResolvedRefs" /// condition on the Route status is set to `status: False` and not configure /// this backend in the underlying implementation. /// - /// /// If there is a cross-namespace reference to an *existing* object /// that is not allowed by a ReferenceGrant, the controller must ensure the /// "ResolvedRefs" condition on the Route is set to `status: False`, /// with the "RefNotPermitted" reason and not configure this backend in the /// underlying implementation. /// - /// /// In either error case, the Message of the `ResolvedRefs` Condition /// should be used to provide more detail about the problem. /// - /// /// Support: Extended for Kubernetes Service /// - /// /// Support: Implementation-specific for any other resource #[serde(rename = "backendRef")] pub backend_ref: GRPCRouteRulesFiltersRequestMirrorBackendRef, + /// Fraction represents the fraction of requests that should be + /// mirrored to BackendRef. + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub fraction: Option, + /// Percent represents the percentage of requests that should be + /// mirrored to BackendRef. Its minimum value is 0 (indicating 0% of + /// requests) and its maximum value is 100 (indicating 100% of requests). + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub percent: Option, } /// BackendRef references a resource where mirrored requests are sent. /// -/// /// Mirrored requests must be sent only to a single destination endpoint /// within this BackendRef, irrespective of how many endpoints are present /// within this BackendRef. /// -/// /// If the referent cannot be found, this BackendRef is invalid and must be /// dropped from the Gateway. The controller must ensure the "ResolvedRefs" /// condition on the Route status is set to `status: False` and not configure /// this backend in the underlying implementation. /// -/// /// If there is a cross-namespace reference to an *existing* object /// that is not allowed by a ReferenceGrant, the controller must ensure the /// "ResolvedRefs" condition on the Route is set to `status: False`, /// with the "RefNotPermitted" reason and not configure this backend in the /// underlying implementation. /// -/// /// In either error case, the Message of the `ResolvedRefs` Condition /// should be used to provide more detail about the problem. /// -/// /// Support: Extended for Kubernetes Service /// -/// /// Support: Implementation-specific for any other resource #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GRPCRouteRulesFiltersRequestMirrorBackendRef { @@ -1365,20 +1249,16 @@ pub struct GRPCRouteRulesFiltersRequestMirrorBackendRef { /// Kind is the Kubernetes resource kind of the referent. For example /// "Service". /// - /// /// Defaults to "Service" when not specified. /// - /// /// ExternalName services can refer to CNAME DNS records that may live /// outside of the cluster and as such are difficult to reason about in /// terms of conformance. They also may not be safe to forward to (see /// CVE-2021-25740 for more information). Implementations SHOULD NOT /// support ExternalName Services. /// - /// /// Support: Core (Services with a type other than ExternalName) /// - /// /// Support: Implementation-specific (Services with type ExternalName) #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, @@ -1387,13 +1267,11 @@ pub struct GRPCRouteRulesFiltersRequestMirrorBackendRef { /// Namespace is the namespace of the backend. When unspecified, the local /// namespace is inferred. /// - /// /// Note that when a namespace different than the local namespace is specified, /// a ReferenceGrant object is required in the referent namespace to allow that /// namespace's owner to accept the reference. See the ReferenceGrant /// documentation for details. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -1406,10 +1284,23 @@ pub struct GRPCRouteRulesFiltersRequestMirrorBackendRef { pub port: Option, } +/// Fraction represents the fraction of requests that should be +/// mirrored to BackendRef. +/// +/// Only one of Fraction or Percent may be specified. If neither field +/// is specified, 100% of requests will be mirrored. +/// +/// +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] +pub struct GRPCRouteRulesFiltersRequestMirrorFraction { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub denominator: Option, + pub numerator: i32, +} + /// ResponseHeaderModifier defines a schema for a filter that modifies response /// headers. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GRPCRouteRulesFiltersResponseHeaderModifier { @@ -1417,18 +1308,15 @@ pub struct GRPCRouteRulesFiltersResponseHeaderModifier { /// before the action. It appends to any existing values associated /// with the header name. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// add: /// - name: "my-header" /// value: "bar,baz" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: foo,bar,baz @@ -1439,18 +1327,15 @@ pub struct GRPCRouteRulesFiltersResponseHeaderModifier { /// names are case-insensitive (see /// https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header1: foo /// my-header2: bar /// my-header3: baz /// - /// /// Config: /// remove: ["my-header1", "my-header3"] /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header2: bar @@ -1459,18 +1344,15 @@ pub struct GRPCRouteRulesFiltersResponseHeaderModifier { /// Set overwrites the request with the given header (name, value) /// before the action. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// set: /// - name: "my-header" /// value: "bar" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: bar @@ -1484,7 +1366,6 @@ pub struct GRPCRouteRulesFiltersResponseHeaderModifierAdd { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -1501,7 +1382,6 @@ pub struct GRPCRouteRulesFiltersResponseHeaderModifierSet { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -1530,12 +1410,10 @@ pub enum GRPCRouteRulesFiltersType { /// action. Multiple match types are ANDed together, i.e. the match will /// evaluate to true only if all conditions are satisfied. /// -/// /// For example, the match below will match a gRPC request only if its service /// is `foo` AND it contains the `version: v1` header: /// -/// -/// ``` +/// ```text /// matches: /// - method: /// type: Exact @@ -1544,7 +1422,6 @@ pub enum GRPCRouteRulesFiltersType { /// - name: "version" /// value "v1" /// -/// /// ``` #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GRPCRouteRulesMatches { @@ -1565,7 +1442,6 @@ pub struct GRPCRouteRulesMatches { pub struct GRPCRouteRulesMatchesHeaders { /// Name is the name of the gRPC Header to be matched. /// - /// /// If multiple entries specify equivalent header names, only the first /// entry with an equivalent name MUST be considered for a match. Subsequent /// entries with an equivalent header name MUST be ignored. Due to the @@ -1594,24 +1470,20 @@ pub struct GRPCRouteRulesMatchesMethod { /// Value of the method to match against. If left empty or omitted, will /// match all services. /// - /// /// At least one of Service and Method MUST be a non-empty string. #[serde(default, skip_serializing_if = "Option::is_none")] pub method: Option, /// Value of the service to match against. If left empty or omitted, will /// match any service. /// - /// /// At least one of Service and Method MUST be a non-empty string. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, /// Type specifies how to match against the service and/or method. /// Support: Core (Exact with service and method specified) /// - /// /// Support: Implementation-specific (Exact with method specified but no service specified) /// - /// /// Support: Implementation-specific (RegularExpression) #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -1628,18 +1500,15 @@ pub enum GRPCRouteRulesMatchesMethodType { /// SessionPersistence defines and configures session persistence /// for the route rule. /// -/// /// Support: Extended /// /// -/// #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GRPCRouteRulesSessionPersistence { /// AbsoluteTimeout defines the absolute timeout of the persistent /// session. Once the AbsoluteTimeout duration has elapsed, the /// session becomes invalid. /// - /// /// Support: Extended #[serde( default, @@ -1650,7 +1519,6 @@ pub struct GRPCRouteRulesSessionPersistence { /// CookieConfig provides configuration settings that are specific /// to cookie-based session persistence. /// - /// /// Support: Core #[serde( default, @@ -1662,7 +1530,6 @@ pub struct GRPCRouteRulesSessionPersistence { /// Once the session has been idle for more than the specified /// IdleTimeout duration, the session becomes invalid. /// - /// /// Support: Extended #[serde( default, @@ -1675,7 +1542,6 @@ pub struct GRPCRouteRulesSessionPersistence { /// should avoid reusing session names to prevent unintended /// consequences, such as rejection or unpredictable behavior. /// - /// /// Support: Implementation-specific #[serde( default, @@ -1687,10 +1553,8 @@ pub struct GRPCRouteRulesSessionPersistence { /// the use a header or cookie. Defaults to cookie based session /// persistence. /// - /// /// Support: Core for "Cookie" type /// - /// /// Support: Extended for "Header" type #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -1699,7 +1563,6 @@ pub struct GRPCRouteRulesSessionPersistence { /// CookieConfig provides configuration settings that are specific /// to cookie-based session persistence. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GRPCRouteRulesSessionPersistenceCookieConfig { @@ -1709,20 +1572,16 @@ pub struct GRPCRouteRulesSessionPersistenceCookieConfig { /// attributes, while a session cookie is deleted when the current /// session ends. /// - /// /// When set to "Permanent", AbsoluteTimeout indicates the /// cookie's lifetime via the Expires or Max-Age cookie attributes /// and is required. /// - /// /// When set to "Session", AbsoluteTimeout indicates the /// absolute lifetime of the cookie tracked by the gateway and /// is optional. /// - /// /// Support: Core for "Session" type /// - /// /// Support: Extended for "Permanent" type #[serde( default, @@ -1735,7 +1594,6 @@ pub struct GRPCRouteRulesSessionPersistenceCookieConfig { /// CookieConfig provides configuration settings that are specific /// to cookie-based session persistence. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum GRPCRouteRulesSessionPersistenceCookieConfigLifetimeType { @@ -1746,11 +1604,9 @@ pub enum GRPCRouteRulesSessionPersistenceCookieConfigLifetimeType { /// SessionPersistence defines and configures session persistence /// for the route rule. /// -/// /// Support: Extended /// /// -/// #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum GRPCRouteRulesSessionPersistenceType { Cookie, @@ -1767,13 +1623,11 @@ pub struct GRPCRouteStatus { /// first sees the route and should update the entry as appropriate when the /// route or gateway is modified. /// - /// /// Note that parent references that cannot be resolved by an implementation /// of this API will not be added to this list. Implementations of this API /// can only populate Route status for the Gateways/parent resources they are /// responsible for. /// - /// /// A maximum of 32 Gateways will be represented in this list. An empty list /// means the route has not been attached to any Gateway. pub parents: Vec, @@ -1787,22 +1641,18 @@ pub struct GRPCRouteStatusParents { /// Note that the route's availability is also subject to the Gateway's own /// status conditions and listener status. /// - /// /// If the Route's ParentRef specifies an existing Gateway that supports /// Routes of this kind AND that Gateway's controller has sufficient access, /// then that Gateway's controller MUST set the "Accepted" condition on the /// Route, to indicate whether the route has been accepted or rejected by the /// Gateway, and why. /// - /// /// A Route MUST be considered "Accepted" if at least one of the Route's /// rules is implemented by the Gateway. /// - /// /// There are a number of cases where the "Accepted" condition may not be set /// due to lack of controller visibility, that includes when: /// - /// /// * The Route refers to a non-existent parent. /// * The Route is of a type that the controller does not support. /// * The Route is in a namespace the controller does not have access to. @@ -1812,15 +1662,12 @@ pub struct GRPCRouteStatusParents { /// controller that wrote this status. This corresponds with the /// controllerName field on GatewayClass. /// - /// /// Example: "example.net/gateway-controller". /// - /// /// The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are /// valid Kubernetes names /// (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). /// - /// /// Controllers MUST populate this field when writing status. Controllers should ensure that /// entries to status populated with their ControllerName are cleaned up when they are no /// longer necessary. @@ -1841,32 +1688,26 @@ pub struct GRPCRouteStatusParentsParentRef { /// To set the core API group (such as for a "Service" kind referent), /// Group must be explicitly set to "" (empty string). /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// Kind is kind of the referent. /// - /// /// There are two kinds of parent resources with "Core" support: /// - /// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// - /// /// Support for other resources is Implementation-Specific. #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, /// Name is the name of the referent. /// - /// /// Support: Core pub name: String, /// Namespace is the namespace of the referent. When unspecified, this refers /// to the local namespace of the Route. /// - /// /// Note that there are specific rules for ParentRefs which cross namespace /// boundaries. Cross-namespace references are only valid if they are explicitly /// allowed by something in the namespace they are referring to. For example: @@ -1874,12 +1715,10 @@ pub struct GRPCRouteStatusParentsParentRef { /// generic way to enable any other kind of cross-namespace reference. /// /// - /// /// ParentRefs from a Route to a Service in the same namespace are "producer" /// routes, which apply default routing rules to inbound connections from /// any namespace to the Service. /// - /// /// ParentRefs from a Route to a Service in a different namespace are /// "consumer" routes, and these routing rules are only applied to outbound /// connections originating from the same namespace as the Route, for which @@ -1887,14 +1726,12 @@ pub struct GRPCRouteStatusParentsParentRef { /// ParentRef of the Route. /// /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Port is the network port this Route targets. It can be interpreted /// differently based on the type of parent resource. /// - /// /// When the parent resource is a Gateway, this targets all listeners /// listening on the specified port that also support this kind of Route(and /// select this Route). It's not recommended to set `Port` unless the @@ -1904,18 +1741,15 @@ pub struct GRPCRouteStatusParentsParentRef { /// must match both specified values. /// /// - /// /// When the parent resource is a Service, this targets a specific port in the /// Service spec. When both Port (experimental) and SectionName are specified, /// the name and port of the selected port must match both specified values. /// /// - /// /// Implementations MAY choose to support other parent resources. /// Implementations supporting other types of parent resources MUST clearly /// document how/if Port is interpreted. /// - /// /// For the purpose of status, an attachment is considered successful as /// long as the parent resource accepts it partially. For example, Gateway /// listeners can restrict which Routes can attach to them by Route kind, @@ -1924,14 +1758,12 @@ pub struct GRPCRouteStatusParentsParentRef { /// attached. If no Gateway listeners accept attachment from this Route, /// the Route MUST be considered detached from the Gateway. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// SectionName is the name of a section within the target resource. In the /// following resources, SectionName is interpreted as the following: /// - /// /// * Gateway: Listener name. When both Port (experimental) and SectionName /// are specified, the name and port of the selected listener must match /// both specified values. @@ -1939,12 +1771,10 @@ pub struct GRPCRouteStatusParentsParentRef { /// are specified, the name and port of the selected listener must match /// both specified values. /// - /// /// Implementations MAY choose to support attaching Routes to other resources. /// If that is the case, they MUST clearly document how SectionName is /// interpreted. /// - /// /// When unspecified (empty string), this will reference the entire resource. /// For the purpose of status, an attachment is considered successful if at /// least one section in the parent resource accepts it. For example, Gateway @@ -1954,7 +1784,6 @@ pub struct GRPCRouteStatusParentsParentRef { /// attached. If no Gateway listeners accept attachment from this Route, the /// Route MUST be considered detached from the Gateway. /// - /// /// Support: Core #[serde( default, diff --git a/gateway-api/src/apis/experimental/httproutes.rs b/gateway-api/src/apis/experimental/httproutes.rs index 42aac7b..ce745ef 100644 --- a/gateway-api/src/apis/experimental/httproutes.rs +++ b/gateway-api/src/apis/experimental/httproutes.rs @@ -1,6 +1,6 @@ // WARNING: generated by kopium - manual changes will be overwritten // kopium command: kopium --schema=derived --derive=JsonSchema --derive=Default --derive=PartialEq --docs -f - -// kopium version: 0.20.1 +// kopium version: 0.21.1 #[allow(unused_imports)] mod prelude { @@ -30,21 +30,17 @@ pub struct HTTPRouteSpec { /// performing a match and (absent of any applicable header modification /// configuration) MUST forward this header unmodified to the backend. /// - /// /// Valid values for Hostnames are determined by RFC 1123 definition of a /// hostname with 2 notable exceptions: /// - /// /// 1. IPs are not allowed. /// 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard /// label must appear by itself as the first label. /// - /// /// If a hostname is specified by both the Listener and HTTPRoute, there /// must be at least one intersecting hostname for the HTTPRoute to be /// attached to the Listener. For example: /// - /// /// * A Listener with `test.example.com` as the hostname matches HTTPRoutes /// that have either not specified any hostnames, or have specified at /// least one of `test.example.com` or `*.example.com`. @@ -55,38 +51,31 @@ pub struct HTTPRouteSpec { /// all match. On the other hand, `example.com` and `test.example.net` would /// not match. /// - /// /// Hostnames that are prefixed with a wildcard label (`*.`) are interpreted /// as a suffix match. That means that a match for `*.example.com` would match /// both `test.example.com`, and `foo.test.example.com`, but not `example.com`. /// - /// /// If both the Listener and HTTPRoute have specified hostnames, any /// HTTPRoute hostnames that do not match the Listener hostname MUST be /// ignored. For example, if a Listener specified `*.example.com`, and the /// HTTPRoute specified `test.example.com` and `test.example.net`, /// `test.example.net` must not be considered for a match. /// - /// /// If both the Listener and HTTPRoute have specified hostnames, and none /// match with the criteria above, then the HTTPRoute is not accepted. The /// implementation must raise an 'Accepted' Condition with a status of /// `False` in the corresponding RouteParentStatus. /// - /// /// In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. /// overlapping wildcard matching and exact matching hostnames), precedence must /// be given to rules from the HTTPRoute with the largest number of: /// - /// /// * Characters in a matching non-wildcard hostname. /// * Characters in a matching hostname. /// - /// /// If ties exist across multiple Routes, the matching precedence rules for /// HTTPRouteMatches takes over. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub hostnames: Option>, @@ -101,21 +90,16 @@ pub struct HTTPRouteSpec { /// create a "producer" route for a Service in a different namespace from the /// Route. /// - /// /// There are two kinds of parent resources with "Core" support: /// - /// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// - /// /// This API may be extended in the future to support additional kinds of parent /// resources. /// - /// /// ParentRefs must be _distinct_. This means either that: /// - /// /// * They select different objects. If this is the case, then parentRef /// entries are distinct. In terms of fields, this means that the /// multi-part key defined by `group`, `kind`, `namespace`, and `name` must @@ -125,10 +109,8 @@ pub struct HTTPRouteSpec { /// optional fields to different values. If one ParentRef sets a /// combination of optional fields, all must set the same combination. /// - /// /// Some examples: /// - /// /// * If one ParentRef sets `sectionName`, all ParentRefs referencing the /// same object must also set `sectionName`. /// * If one ParentRef sets `port`, all ParentRefs referencing the same @@ -136,14 +118,12 @@ pub struct HTTPRouteSpec { /// * If one ParentRef sets `sectionName` and `port`, all ParentRefs /// referencing the same object must also set `sectionName` and `port`. /// - /// /// It is possible to separately reference multiple distinct objects that may /// be collapsed by an implementation. For example, some implementations may /// choose to merge compatible Gateway Listeners together. If that is the /// case, the list of routes attached to those resources should also be /// merged. /// - /// /// Note that for ParentRefs that cross namespace boundaries, there are specific /// rules. Cross-namespace references are only valid if they are explicitly /// allowed by something in the namespace they are referring to. For example, @@ -151,12 +131,10 @@ pub struct HTTPRouteSpec { /// generic way to enable other kinds of cross-namespace reference. /// /// - /// /// ParentRefs from a Route to a Service in the same namespace are "producer" /// routes, which apply default routing rules to inbound connections from /// any namespace to the Service. /// - /// /// ParentRefs from a Route to a Service in a different namespace are /// "consumer" routes, and these routing rules are only applied to outbound /// connections originating from the same namespace as the Route, for which @@ -168,7 +146,6 @@ pub struct HTTPRouteSpec { /// /// /// - /// #[serde( default, skip_serializing_if = "Option::is_none", @@ -176,6 +153,8 @@ pub struct HTTPRouteSpec { )] pub parent_refs: Option>, /// Rules are a list of HTTP matchers, filters and actions. + /// + /// #[serde(default, skip_serializing_if = "Option::is_none")] pub rules: Option>, } @@ -184,15 +163,12 @@ pub struct HTTPRouteSpec { /// a parent of this resource (usually a route). There are two kinds of parent resources /// with "Core" support: /// -/// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// -/// /// This API may be extended in the future to support additional kinds of parent /// resources. /// -/// /// The API object must be valid in the cluster; the Group and Kind must /// be registered in the cluster for this reference to be valid. #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] @@ -202,32 +178,26 @@ pub struct HTTPRouteParentRefs { /// To set the core API group (such as for a "Service" kind referent), /// Group must be explicitly set to "" (empty string). /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// Kind is kind of the referent. /// - /// /// There are two kinds of parent resources with "Core" support: /// - /// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// - /// /// Support for other resources is Implementation-Specific. #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, /// Name is the name of the referent. /// - /// /// Support: Core pub name: String, /// Namespace is the namespace of the referent. When unspecified, this refers /// to the local namespace of the Route. /// - /// /// Note that there are specific rules for ParentRefs which cross namespace /// boundaries. Cross-namespace references are only valid if they are explicitly /// allowed by something in the namespace they are referring to. For example: @@ -235,12 +205,10 @@ pub struct HTTPRouteParentRefs { /// generic way to enable any other kind of cross-namespace reference. /// /// - /// /// ParentRefs from a Route to a Service in the same namespace are "producer" /// routes, which apply default routing rules to inbound connections from /// any namespace to the Service. /// - /// /// ParentRefs from a Route to a Service in a different namespace are /// "consumer" routes, and these routing rules are only applied to outbound /// connections originating from the same namespace as the Route, for which @@ -248,14 +216,12 @@ pub struct HTTPRouteParentRefs { /// ParentRef of the Route. /// /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Port is the network port this Route targets. It can be interpreted /// differently based on the type of parent resource. /// - /// /// When the parent resource is a Gateway, this targets all listeners /// listening on the specified port that also support this kind of Route(and /// select this Route). It's not recommended to set `Port` unless the @@ -265,18 +231,15 @@ pub struct HTTPRouteParentRefs { /// must match both specified values. /// /// - /// /// When the parent resource is a Service, this targets a specific port in the /// Service spec. When both Port (experimental) and SectionName are specified, /// the name and port of the selected port must match both specified values. /// /// - /// /// Implementations MAY choose to support other parent resources. /// Implementations supporting other types of parent resources MUST clearly /// document how/if Port is interpreted. /// - /// /// For the purpose of status, an attachment is considered successful as /// long as the parent resource accepts it partially. For example, Gateway /// listeners can restrict which Routes can attach to them by Route kind, @@ -285,14 +248,12 @@ pub struct HTTPRouteParentRefs { /// attached. If no Gateway listeners accept attachment from this Route, /// the Route MUST be considered detached from the Gateway. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// SectionName is the name of a section within the target resource. In the /// following resources, SectionName is interpreted as the following: /// - /// /// * Gateway: Listener name. When both Port (experimental) and SectionName /// are specified, the name and port of the selected listener must match /// both specified values. @@ -300,12 +261,10 @@ pub struct HTTPRouteParentRefs { /// are specified, the name and port of the selected listener must match /// both specified values. /// - /// /// Implementations MAY choose to support attaching Routes to other resources. /// If that is the case, they MUST clearly document how SectionName is /// interpreted. /// - /// /// When unspecified (empty string), this will reference the entire resource. /// For the purpose of status, an attachment is considered successful if at /// least one section in the parent resource accepts it. For example, Gateway @@ -315,7 +274,6 @@ pub struct HTTPRouteParentRefs { /// attached. If no Gateway listeners accept attachment from this Route, the /// Route MUST be considered detached from the Gateway. /// - /// /// Support: Core #[serde( default, @@ -333,41 +291,37 @@ pub struct HTTPRouteRules { /// BackendRefs defines the backend(s) where matching requests should be /// sent. /// - /// /// Failure behavior here depends on how many BackendRefs are specified and /// how many are invalid. /// - /// /// If *all* entries in BackendRefs are invalid, and there are also no filters /// specified in this route rule, *all* traffic which matches this rule MUST /// receive a 500 status code. /// - /// /// See the HTTPBackendRef definition for the rules about what makes a single /// HTTPBackendRef invalid. /// - /// /// When a HTTPBackendRef is invalid, 500 status codes MUST be returned for /// requests that would have otherwise been routed to an invalid backend. If /// multiple backends are specified, and some are invalid, the proportion of /// requests that would otherwise have been routed to an invalid backend /// MUST receive a 500 status code. /// - /// /// For example, if two backends are specified with equal weights, and one is /// invalid, 50 percent of traffic must receive a 500. Implementations may /// choose how that 50 percent is determined. /// + /// When a HTTPBackendRef refers to a Service that has no ready endpoints, + /// implementations SHOULD return a 503 for requests to that backend instead. + /// If an implementation chooses to do this, all of the above rules for 500 responses + /// MUST also apply for responses that return a 503. /// /// Support: Core for Kubernetes Service /// - /// /// Support: Extended for Kubernetes ServiceImport /// - /// /// Support: Implementation-specific for any other resource /// - /// /// Support for weight: Core #[serde( default, @@ -378,37 +332,30 @@ pub struct HTTPRouteRules { /// Filters define the filters that are applied to requests that match /// this rule. /// - /// /// Wherever possible, implementations SHOULD implement filters in the order /// they are specified. /// - /// /// Implementations MAY choose to implement this ordering strictly, rejecting /// any combination or order of filters that can not be supported. If implementations /// choose a strict interpretation of filter ordering, they MUST clearly document /// that behavior. /// - /// /// To reject an invalid combination or order of filters, implementations SHOULD /// consider the Route Rules with this configuration invalid. If all Route Rules /// in a Route are invalid, the entire Route would be considered invalid. If only /// a portion of Route Rules are invalid, implementations MUST set the /// "PartiallyInvalid" condition for the Route. /// - /// /// Conformance-levels at this level are defined based on the type of filter: /// - /// /// - ALL core filters MUST be supported by all implementations. /// - Implementers are encouraged to support extended filters. /// - Implementation-specific custom filters have no API guarantees across /// implementations. /// - /// /// Specifying the same filter multiple times is not supported unless explicitly /// indicated in the filter. /// - /// /// All filters are expected to be compatible with each other except for the /// URLRewrite and RequestRedirect filters, which may not be combined. If an /// implementation can not support other combinations of filters, they must clearly @@ -417,7 +364,6 @@ pub struct HTTPRouteRules { /// `False`, implementations may use the `IncompatibleFilters` reason to specify /// this configuration error. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub filters: Option>, @@ -425,11 +371,9 @@ pub struct HTTPRouteRules { /// HTTP requests. Each match is independent, i.e. this rule will be matched /// if **any** one of the matches is satisfied. /// - /// /// For example, take the following matches configuration: /// - /// - /// ``` + /// ```text /// matches: /// - path: /// value: "/foo" @@ -440,65 +384,65 @@ pub struct HTTPRouteRules { /// value: "/v2/foo" /// ``` /// - /// /// For a request to match against this rule, a request must satisfy /// EITHER of the two conditions: /// - /// /// - path prefixed with `/foo` AND contains the header `version: v2` /// - path prefix of `/v2/foo` /// - /// /// See the documentation for HTTPRouteMatch on how to specify multiple /// match conditions that should be ANDed together. /// - /// /// If no matches are specified, the default is a prefix /// path match on "/", which has the effect of matching every /// HTTP request. /// - /// /// Proxy or Load Balancer routing configuration generated from HTTPRoutes /// MUST prioritize matches based on the following criteria, continuing on /// ties. Across all rules specified on applicable Routes, precedence must be /// given to the match having: /// - /// /// * "Exact" path match. /// * "Prefix" path match with largest number of characters. /// * Method match. /// * Largest number of header matches. /// * Largest number of query param matches. /// - /// /// Note: The precedence of RegularExpression path matches are implementation-specific. /// - /// /// If ties still exist across multiple Routes, matching precedence MUST be /// determined in order of the following criteria, continuing on ties: /// - /// /// * The oldest Route based on creation timestamp. /// * The Route appearing first in alphabetical order by /// "{namespace}/{name}". /// - /// /// If ties still exist within an HTTPRoute, matching precedence MUST be granted /// to the FIRST matching rule (in list order) with a match meeting the above /// criteria. /// - /// /// When no rules matching a request have been successfully attached to the /// parent a request is coming from, a HTTP 404 status code MUST be returned. #[serde(default, skip_serializing_if = "Option::is_none")] pub matches: Option>, - /// SessionPersistence defines and configures session persistence - /// for the route rule. + /// Name is the name of the route rule. This name MUST be unique within a Route if it is set. + /// + /// Support: Extended /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Retry defines the configuration for when to retry an HTTP request. /// /// Support: Extended /// /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub retry: Option, + /// SessionPersistence defines and configures session persistence + /// for the route rule. + /// + /// Support: Extended + /// /// #[serde( default, @@ -508,52 +452,40 @@ pub struct HTTPRouteRules { pub session_persistence: Option, /// Timeouts defines the timeouts that can be configured for an HTTP request. /// - /// /// Support: Extended - /// - /// - /// #[serde(default, skip_serializing_if = "Option::is_none")] pub timeouts: Option, } /// HTTPBackendRef defines how a HTTPRoute forwards a HTTP request. /// -/// /// Note that when a namespace different than the local namespace is specified, a /// ReferenceGrant object is required in the referent namespace to allow that /// namespace's owner to accept the reference. See the ReferenceGrant /// documentation for details. /// -/// /// /// -/// /// When the BackendRef points to a Kubernetes Service, implementations SHOULD /// honor the appProtocol field if it is set for the target Service Port. /// -/// /// Implementations supporting appProtocol SHOULD recognize the Kubernetes /// Standard Application Protocols defined in KEP-3726. /// -/// /// If a Service appProtocol isn't specified, an implementation MAY infer the /// backend protocol through its own means. Implementations MAY infer the /// protocol from the Route type referring to the backend Service. /// -/// /// If a Route is not able to send traffic to the backend using the specified /// protocol then the backend is considered invalid. Implementations MUST set the /// "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason. /// -/// /// #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesBackendRefs { /// Filters defined at this level should be executed if and only if the /// request is being forwarded to the backend defined here. /// - /// /// Support: Implementation-specific (For broader support of filters, use the /// Filters field in HTTPRouteRule.) #[serde(default, skip_serializing_if = "Option::is_none")] @@ -565,20 +497,16 @@ pub struct HTTPRouteRulesBackendRefs { /// Kind is the Kubernetes resource kind of the referent. For example /// "Service". /// - /// /// Defaults to "Service" when not specified. /// - /// /// ExternalName services can refer to CNAME DNS records that may live /// outside of the cluster and as such are difficult to reason about in /// terms of conformance. They also may not be safe to forward to (see /// CVE-2021-25740 for more information). Implementations SHOULD NOT /// support ExternalName Services. /// - /// /// Support: Core (Services with a type other than ExternalName) /// - /// /// Support: Implementation-specific (Services with type ExternalName) #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, @@ -587,13 +515,11 @@ pub struct HTTPRouteRulesBackendRefs { /// Namespace is the namespace of the backend. When unspecified, the local /// namespace is inferred. /// - /// /// Note that when a namespace different than the local namespace is specified, /// a ReferenceGrant object is required in the referent namespace to allow that /// namespace's owner to accept the reference. See the ReferenceGrant /// documentation for details. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -611,13 +537,11 @@ pub struct HTTPRouteRulesBackendRefs { /// implementation supports. Weight is not a percentage and the sum of /// weights does not need to equal 100. /// - /// /// If only one backend is specified and it has a weight greater than 0, 100% /// of the traffic is forwarded to that backend. If weight is set to 0, no /// traffic should be forwarded for this entry. If unspecified, weight /// defaults to 1. /// - /// /// Support for this field varies based on the context where used. #[serde(default, skip_serializing_if = "Option::is_none")] pub weight: Option, @@ -636,10 +560,8 @@ pub struct HTTPRouteRulesBackendRefsFilters { /// "networking.example.net"). ExtensionRef MUST NOT be used for core and /// extended filters. /// - /// /// This filter can be used multiple times within the same rule. /// - /// /// Support: Implementation-specific #[serde( default, @@ -650,7 +572,6 @@ pub struct HTTPRouteRulesBackendRefsFilters { /// RequestHeaderModifier defines a schema for a filter that modifies request /// headers. /// - /// /// Support: Core #[serde( default, @@ -662,13 +583,13 @@ pub struct HTTPRouteRulesBackendRefsFilters { /// Requests are sent to the specified destination, but responses from /// that destination are ignored. /// - /// /// This filter can be used multiple times within the same rule. Note that /// not all implementations will be able to support mirroring to multiple /// backends. /// - /// /// Support: Extended + /// + /// #[serde( default, skip_serializing_if = "Option::is_none", @@ -678,7 +599,6 @@ pub struct HTTPRouteRulesBackendRefsFilters { /// RequestRedirect defines a schema for a filter that responds to the /// request with an HTTP redirection. /// - /// /// Support: Core #[serde( default, @@ -689,7 +609,6 @@ pub struct HTTPRouteRulesBackendRefsFilters { /// ResponseHeaderModifier defines a schema for a filter that modifies response /// headers. /// - /// /// Support: Extended #[serde( default, @@ -700,17 +619,14 @@ pub struct HTTPRouteRulesBackendRefsFilters { /// Type identifies the type of filter to apply. As with other API fields, /// types are classified into three conformance levels: /// - /// /// - Core: Filter types and their corresponding configuration defined by /// "Support: Core" in this package, e.g. "RequestHeaderModifier". All /// implementations must support core filters. /// - /// /// - Extended: Filter types and their corresponding configuration defined by /// "Support: Extended" in this package, e.g. "RequestMirror". Implementers /// are encouraged to support extended filters. /// - /// /// - Implementation-specific: Filters that are defined and supported by /// specific vendors. /// In the future, filters showing convergence in behavior across multiple @@ -719,20 +635,16 @@ pub struct HTTPRouteRulesBackendRefsFilters { /// is specified using the ExtensionRef field. `Type` should be set to /// "ExtensionRef" for custom filters. /// - /// /// Implementers are encouraged to define custom implementation types to /// extend the core API with implementation-specific behavior. /// - /// /// If a reference to a custom filter type cannot be resolved, the filter /// MUST NOT be skipped. Instead, requests that would have been processed by /// that filter MUST receive a HTTP error response. /// - /// /// Note that values may be added to this enum, implementations /// must ensure that unknown values will not cause a crash. /// - /// /// Unknown values here must result in the implementation setting the /// Accepted Condition for the Route to `status: False`, with a /// Reason of `UnsupportedValue`. @@ -740,7 +652,6 @@ pub struct HTTPRouteRulesBackendRefsFilters { pub r#type: HTTPRouteRulesBackendRefsFiltersType, /// URLRewrite defines a schema for a filter that modifies a request during forwarding. /// - /// /// Support: Extended #[serde( default, @@ -755,10 +666,8 @@ pub struct HTTPRouteRulesBackendRefsFilters { /// "networking.example.net"). ExtensionRef MUST NOT be used for core and /// extended filters. /// -/// /// This filter can be used multiple times within the same rule. /// -/// /// Support: Implementation-specific #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesBackendRefsFiltersExtensionRef { @@ -774,7 +683,6 @@ pub struct HTTPRouteRulesBackendRefsFiltersExtensionRef { /// RequestHeaderModifier defines a schema for a filter that modifies request /// headers. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesBackendRefsFiltersRequestHeaderModifier { @@ -782,18 +690,15 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestHeaderModifier { /// before the action. It appends to any existing values associated /// with the header name. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// add: /// - name: "my-header" /// value: "bar,baz" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: foo,bar,baz @@ -804,18 +709,15 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestHeaderModifier { /// names are case-insensitive (see /// https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header1: foo /// my-header2: bar /// my-header3: baz /// - /// /// Config: /// remove: ["my-header1", "my-header3"] /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header2: bar @@ -824,18 +726,15 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestHeaderModifier { /// Set overwrites the request with the given header (name, value) /// before the action. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// set: /// - name: "my-header" /// value: "bar" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: bar @@ -849,7 +748,6 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestHeaderModifierAdd { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -866,7 +764,6 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestHeaderModifierSet { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -881,76 +778,83 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestHeaderModifierSet { /// Requests are sent to the specified destination, but responses from /// that destination are ignored. /// -/// /// This filter can be used multiple times within the same rule. Note that /// not all implementations will be able to support mirroring to multiple /// backends. /// -/// /// Support: Extended +/// +/// #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesBackendRefsFiltersRequestMirror { /// BackendRef references a resource where mirrored requests are sent. /// - /// /// Mirrored requests must be sent only to a single destination endpoint /// within this BackendRef, irrespective of how many endpoints are present /// within this BackendRef. /// - /// /// If the referent cannot be found, this BackendRef is invalid and must be /// dropped from the Gateway. The controller must ensure the "ResolvedRefs" /// condition on the Route status is set to `status: False` and not configure /// this backend in the underlying implementation. /// - /// /// If there is a cross-namespace reference to an *existing* object /// that is not allowed by a ReferenceGrant, the controller must ensure the /// "ResolvedRefs" condition on the Route is set to `status: False`, /// with the "RefNotPermitted" reason and not configure this backend in the /// underlying implementation. /// - /// /// In either error case, the Message of the `ResolvedRefs` Condition /// should be used to provide more detail about the problem. /// - /// /// Support: Extended for Kubernetes Service /// - /// /// Support: Implementation-specific for any other resource #[serde(rename = "backendRef")] pub backend_ref: HTTPRouteRulesBackendRefsFiltersRequestMirrorBackendRef, + /// Fraction represents the fraction of requests that should be + /// mirrored to BackendRef. + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub fraction: Option, + /// Percent represents the percentage of requests that should be + /// mirrored to BackendRef. Its minimum value is 0 (indicating 0% of + /// requests) and its maximum value is 100 (indicating 100% of requests). + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub percent: Option, } /// BackendRef references a resource where mirrored requests are sent. /// -/// /// Mirrored requests must be sent only to a single destination endpoint /// within this BackendRef, irrespective of how many endpoints are present /// within this BackendRef. /// -/// /// If the referent cannot be found, this BackendRef is invalid and must be /// dropped from the Gateway. The controller must ensure the "ResolvedRefs" /// condition on the Route status is set to `status: False` and not configure /// this backend in the underlying implementation. /// -/// /// If there is a cross-namespace reference to an *existing* object /// that is not allowed by a ReferenceGrant, the controller must ensure the /// "ResolvedRefs" condition on the Route is set to `status: False`, /// with the "RefNotPermitted" reason and not configure this backend in the /// underlying implementation. /// -/// /// In either error case, the Message of the `ResolvedRefs` Condition /// should be used to provide more detail about the problem. /// -/// /// Support: Extended for Kubernetes Service /// -/// /// Support: Implementation-specific for any other resource #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesBackendRefsFiltersRequestMirrorBackendRef { @@ -961,20 +865,16 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestMirrorBackendRef { /// Kind is the Kubernetes resource kind of the referent. For example /// "Service". /// - /// /// Defaults to "Service" when not specified. /// - /// /// ExternalName services can refer to CNAME DNS records that may live /// outside of the cluster and as such are difficult to reason about in /// terms of conformance. They also may not be safe to forward to (see /// CVE-2021-25740 for more information). Implementations SHOULD NOT /// support ExternalName Services. /// - /// /// Support: Core (Services with a type other than ExternalName) /// - /// /// Support: Implementation-specific (Services with type ExternalName) #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, @@ -983,13 +883,11 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestMirrorBackendRef { /// Namespace is the namespace of the backend. When unspecified, the local /// namespace is inferred. /// - /// /// Note that when a namespace different than the local namespace is specified, /// a ReferenceGrant object is required in the referent namespace to allow that /// namespace's owner to accept the reference. See the ReferenceGrant /// documentation for details. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -1002,10 +900,23 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestMirrorBackendRef { pub port: Option, } +/// Fraction represents the fraction of requests that should be +/// mirrored to BackendRef. +/// +/// Only one of Fraction or Percent may be specified. If neither field +/// is specified, 100% of requests will be mirrored. +/// +/// +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] +pub struct HTTPRouteRulesBackendRefsFiltersRequestMirrorFraction { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub denominator: Option, + pub numerator: i32, +} + /// RequestRedirect defines a schema for a filter that responds to the /// request with an HTTP redirection. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesBackendRefsFiltersRequestRedirect { @@ -1013,7 +924,6 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestRedirect { /// header in the response. /// When empty, the hostname in the `Host` header of the request is used. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub hostname: Option, @@ -1021,18 +931,15 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestRedirect { /// The modified path is then used to construct the `Location` header. When /// empty, the request path is used as-is. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, /// Port is the port to be used in the value of the `Location` /// header in the response. /// - /// /// If no port is specified, the redirect port MUST be derived using the /// following rules: /// - /// /// * If redirect scheme is not-empty, the redirect port MUST be the well-known /// port associated with the redirect scheme. Specifically "http" to port 80 /// and "https" to port 443. If the redirect scheme does not have a @@ -1040,52 +947,42 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestRedirect { /// * If redirect scheme is empty, the redirect port MUST be the Gateway /// Listener port. /// - /// /// Implementations SHOULD NOT add the port number in the 'Location' /// header in the following cases: /// - /// /// * A Location header that will use HTTP (whether that is determined via /// the Listener protocol or the Scheme field) _and_ use port 80. /// * A Location header that will use HTTPS (whether that is determined via /// the Listener protocol or the Scheme field) _and_ use port 443. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// Scheme is the scheme to be used in the value of the `Location` header in /// the response. When empty, the scheme of the request is used. /// - /// /// Scheme redirects can affect the port of the redirect, for more information, /// refer to the documentation for the port field of this filter. /// - /// /// Note that values may be added to this enum, implementations /// must ensure that unknown values will not cause a crash. /// - /// /// Unknown values here must result in the implementation setting the /// Accepted Condition for the Route to `status: False`, with a /// Reason of `UnsupportedValue`. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, /// StatusCode is the HTTP status code to be used in response. /// - /// /// Note that values may be added to this enum, implementations /// must ensure that unknown values will not cause a crash. /// - /// /// Unknown values here must result in the implementation setting the /// Accepted Condition for the Route to `status: False`, with a /// Reason of `UnsupportedValue`. /// - /// /// Support: Core #[serde( default, @@ -1099,7 +996,6 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestRedirect { /// The modified path is then used to construct the `Location` header. When /// empty, the request path is used as-is. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesBackendRefsFiltersRequestRedirectPath { @@ -1116,32 +1012,17 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestRedirectPath { /// to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch /// of "/xyz" would be modified to "/xyz/bar". /// - /// /// Note that this matches the behavior of the PathPrefix match type. This /// matches full path elements. A path element refers to the list of labels /// in the path split by the `/` separator. When specified, a trailing `/` is /// ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all /// match the prefix `/abc`, but the path `/abcd` would not. /// - /// /// ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. /// Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in /// the implementation setting the Accepted Condition for the Route to `status: False`. /// - /// /// Request Path | Prefix Match | Replace Prefix | Modified Path - /// -------------|--------------|----------------|---------- - /// /foo/bar | /foo | /xyz | /xyz/bar - /// /foo/bar | /foo | /xyz/ | /xyz/bar - /// /foo/bar | /foo/ | /xyz | /xyz/bar - /// /foo/bar | /foo/ | /xyz/ | /xyz/bar - /// /foo | /foo | /xyz | /xyz - /// /foo/ | /foo | /xyz | /xyz/ - /// /foo/bar | /foo | | /bar - /// /foo/ | /foo | | / - /// /foo | /foo | | / - /// /foo/ | /foo | / | / - /// /foo | /foo | / | / #[serde( default, skip_serializing_if = "Option::is_none", @@ -1151,11 +1032,9 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestRedirectPath { /// Type defines the type of path modifier. Additional types may be /// added in a future release of the API. /// - /// /// Note that values may be added to this enum, implementations /// must ensure that unknown values will not cause a crash. /// - /// /// Unknown values here must result in the implementation setting the /// Accepted Condition for the Route to `status: False`, with a /// Reason of `UnsupportedValue`. @@ -1167,7 +1046,6 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestRedirectPath { /// The modified path is then used to construct the `Location` header. When /// empty, the request path is used as-is. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum HTTPRouteRulesBackendRefsFiltersRequestRedirectPathType { @@ -1178,7 +1056,6 @@ pub enum HTTPRouteRulesBackendRefsFiltersRequestRedirectPathType { /// RequestRedirect defines a schema for a filter that responds to the /// request with an HTTP redirection. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum HTTPRouteRulesBackendRefsFiltersRequestRedirectScheme { @@ -1191,7 +1068,6 @@ pub enum HTTPRouteRulesBackendRefsFiltersRequestRedirectScheme { /// RequestRedirect defines a schema for a filter that responds to the /// request with an HTTP redirection. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum HTTPRouteRulesBackendRefsFiltersRequestRedirectStatusCode { @@ -1204,7 +1080,6 @@ pub enum HTTPRouteRulesBackendRefsFiltersRequestRedirectStatusCode { /// ResponseHeaderModifier defines a schema for a filter that modifies response /// headers. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesBackendRefsFiltersResponseHeaderModifier { @@ -1212,18 +1087,15 @@ pub struct HTTPRouteRulesBackendRefsFiltersResponseHeaderModifier { /// before the action. It appends to any existing values associated /// with the header name. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// add: /// - name: "my-header" /// value: "bar,baz" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: foo,bar,baz @@ -1234,18 +1106,15 @@ pub struct HTTPRouteRulesBackendRefsFiltersResponseHeaderModifier { /// names are case-insensitive (see /// https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header1: foo /// my-header2: bar /// my-header3: baz /// - /// /// Config: /// remove: ["my-header1", "my-header3"] /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header2: bar @@ -1254,18 +1123,15 @@ pub struct HTTPRouteRulesBackendRefsFiltersResponseHeaderModifier { /// Set overwrites the request with the given header (name, value) /// before the action. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// set: /// - name: "my-header" /// value: "bar" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: bar @@ -1279,7 +1145,6 @@ pub struct HTTPRouteRulesBackendRefsFiltersResponseHeaderModifierAdd { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -1296,7 +1161,6 @@ pub struct HTTPRouteRulesBackendRefsFiltersResponseHeaderModifierSet { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -1326,20 +1190,17 @@ pub enum HTTPRouteRulesBackendRefsFiltersType { /// URLRewrite defines a schema for a filter that modifies a request during forwarding. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesBackendRefsFiltersUrlRewrite { /// Hostname is the value to be used to replace the Host header value during /// forwarding. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub hostname: Option, /// Path defines a path rewrite. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, @@ -1347,7 +1208,6 @@ pub struct HTTPRouteRulesBackendRefsFiltersUrlRewrite { /// Path defines a path rewrite. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesBackendRefsFiltersUrlRewritePath { @@ -1364,32 +1224,17 @@ pub struct HTTPRouteRulesBackendRefsFiltersUrlRewritePath { /// to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch /// of "/xyz" would be modified to "/xyz/bar". /// - /// /// Note that this matches the behavior of the PathPrefix match type. This /// matches full path elements. A path element refers to the list of labels /// in the path split by the `/` separator. When specified, a trailing `/` is /// ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all /// match the prefix `/abc`, but the path `/abcd` would not. /// - /// /// ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. /// Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in /// the implementation setting the Accepted Condition for the Route to `status: False`. /// - /// /// Request Path | Prefix Match | Replace Prefix | Modified Path - /// -------------|--------------|----------------|---------- - /// /foo/bar | /foo | /xyz | /xyz/bar - /// /foo/bar | /foo | /xyz/ | /xyz/bar - /// /foo/bar | /foo/ | /xyz | /xyz/bar - /// /foo/bar | /foo/ | /xyz/ | /xyz/bar - /// /foo | /foo | /xyz | /xyz - /// /foo/ | /foo | /xyz | /xyz/ - /// /foo/bar | /foo | | /bar - /// /foo/ | /foo | | / - /// /foo | /foo | | / - /// /foo/ | /foo | / | / - /// /foo | /foo | / | / #[serde( default, skip_serializing_if = "Option::is_none", @@ -1399,11 +1244,9 @@ pub struct HTTPRouteRulesBackendRefsFiltersUrlRewritePath { /// Type defines the type of path modifier. Additional types may be /// added in a future release of the API. /// - /// /// Note that values may be added to this enum, implementations /// must ensure that unknown values will not cause a crash. /// - /// /// Unknown values here must result in the implementation setting the /// Accepted Condition for the Route to `status: False`, with a /// Reason of `UnsupportedValue`. @@ -1413,7 +1256,6 @@ pub struct HTTPRouteRulesBackendRefsFiltersUrlRewritePath { /// Path defines a path rewrite. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum HTTPRouteRulesBackendRefsFiltersUrlRewritePathType { @@ -1434,10 +1276,8 @@ pub struct HTTPRouteRulesFilters { /// "networking.example.net"). ExtensionRef MUST NOT be used for core and /// extended filters. /// - /// /// This filter can be used multiple times within the same rule. /// - /// /// Support: Implementation-specific #[serde( default, @@ -1448,7 +1288,6 @@ pub struct HTTPRouteRulesFilters { /// RequestHeaderModifier defines a schema for a filter that modifies request /// headers. /// - /// /// Support: Core #[serde( default, @@ -1460,13 +1299,13 @@ pub struct HTTPRouteRulesFilters { /// Requests are sent to the specified destination, but responses from /// that destination are ignored. /// - /// /// This filter can be used multiple times within the same rule. Note that /// not all implementations will be able to support mirroring to multiple /// backends. /// - /// /// Support: Extended + /// + /// #[serde( default, skip_serializing_if = "Option::is_none", @@ -1476,7 +1315,6 @@ pub struct HTTPRouteRulesFilters { /// RequestRedirect defines a schema for a filter that responds to the /// request with an HTTP redirection. /// - /// /// Support: Core #[serde( default, @@ -1487,7 +1325,6 @@ pub struct HTTPRouteRulesFilters { /// ResponseHeaderModifier defines a schema for a filter that modifies response /// headers. /// - /// /// Support: Extended #[serde( default, @@ -1498,17 +1335,14 @@ pub struct HTTPRouteRulesFilters { /// Type identifies the type of filter to apply. As with other API fields, /// types are classified into three conformance levels: /// - /// /// - Core: Filter types and their corresponding configuration defined by /// "Support: Core" in this package, e.g. "RequestHeaderModifier". All /// implementations must support core filters. /// - /// /// - Extended: Filter types and their corresponding configuration defined by /// "Support: Extended" in this package, e.g. "RequestMirror". Implementers /// are encouraged to support extended filters. /// - /// /// - Implementation-specific: Filters that are defined and supported by /// specific vendors. /// In the future, filters showing convergence in behavior across multiple @@ -1517,20 +1351,16 @@ pub struct HTTPRouteRulesFilters { /// is specified using the ExtensionRef field. `Type` should be set to /// "ExtensionRef" for custom filters. /// - /// /// Implementers are encouraged to define custom implementation types to /// extend the core API with implementation-specific behavior. /// - /// /// If a reference to a custom filter type cannot be resolved, the filter /// MUST NOT be skipped. Instead, requests that would have been processed by /// that filter MUST receive a HTTP error response. /// - /// /// Note that values may be added to this enum, implementations /// must ensure that unknown values will not cause a crash. /// - /// /// Unknown values here must result in the implementation setting the /// Accepted Condition for the Route to `status: False`, with a /// Reason of `UnsupportedValue`. @@ -1538,7 +1368,6 @@ pub struct HTTPRouteRulesFilters { pub r#type: HTTPRouteRulesFiltersType, /// URLRewrite defines a schema for a filter that modifies a request during forwarding. /// - /// /// Support: Extended #[serde( default, @@ -1553,10 +1382,8 @@ pub struct HTTPRouteRulesFilters { /// "networking.example.net"). ExtensionRef MUST NOT be used for core and /// extended filters. /// -/// /// This filter can be used multiple times within the same rule. /// -/// /// Support: Implementation-specific #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesFiltersExtensionRef { @@ -1572,7 +1399,6 @@ pub struct HTTPRouteRulesFiltersExtensionRef { /// RequestHeaderModifier defines a schema for a filter that modifies request /// headers. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesFiltersRequestHeaderModifier { @@ -1580,18 +1406,15 @@ pub struct HTTPRouteRulesFiltersRequestHeaderModifier { /// before the action. It appends to any existing values associated /// with the header name. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// add: /// - name: "my-header" /// value: "bar,baz" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: foo,bar,baz @@ -1602,18 +1425,15 @@ pub struct HTTPRouteRulesFiltersRequestHeaderModifier { /// names are case-insensitive (see /// https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header1: foo /// my-header2: bar /// my-header3: baz /// - /// /// Config: /// remove: ["my-header1", "my-header3"] /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header2: bar @@ -1622,18 +1442,15 @@ pub struct HTTPRouteRulesFiltersRequestHeaderModifier { /// Set overwrites the request with the given header (name, value) /// before the action. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// set: /// - name: "my-header" /// value: "bar" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: bar @@ -1647,7 +1464,6 @@ pub struct HTTPRouteRulesFiltersRequestHeaderModifierAdd { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -1664,7 +1480,6 @@ pub struct HTTPRouteRulesFiltersRequestHeaderModifierSet { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -1679,76 +1494,83 @@ pub struct HTTPRouteRulesFiltersRequestHeaderModifierSet { /// Requests are sent to the specified destination, but responses from /// that destination are ignored. /// -/// /// This filter can be used multiple times within the same rule. Note that /// not all implementations will be able to support mirroring to multiple /// backends. /// -/// /// Support: Extended +/// +/// #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesFiltersRequestMirror { /// BackendRef references a resource where mirrored requests are sent. /// - /// /// Mirrored requests must be sent only to a single destination endpoint /// within this BackendRef, irrespective of how many endpoints are present /// within this BackendRef. /// - /// /// If the referent cannot be found, this BackendRef is invalid and must be /// dropped from the Gateway. The controller must ensure the "ResolvedRefs" /// condition on the Route status is set to `status: False` and not configure /// this backend in the underlying implementation. /// - /// /// If there is a cross-namespace reference to an *existing* object /// that is not allowed by a ReferenceGrant, the controller must ensure the /// "ResolvedRefs" condition on the Route is set to `status: False`, /// with the "RefNotPermitted" reason and not configure this backend in the /// underlying implementation. /// - /// /// In either error case, the Message of the `ResolvedRefs` Condition /// should be used to provide more detail about the problem. /// - /// /// Support: Extended for Kubernetes Service /// - /// /// Support: Implementation-specific for any other resource #[serde(rename = "backendRef")] pub backend_ref: HTTPRouteRulesFiltersRequestMirrorBackendRef, + /// Fraction represents the fraction of requests that should be + /// mirrored to BackendRef. + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub fraction: Option, + /// Percent represents the percentage of requests that should be + /// mirrored to BackendRef. Its minimum value is 0 (indicating 0% of + /// requests) and its maximum value is 100 (indicating 100% of requests). + /// + /// Only one of Fraction or Percent may be specified. If neither field + /// is specified, 100% of requests will be mirrored. + /// + /// + #[serde(default, skip_serializing_if = "Option::is_none")] + pub percent: Option, } /// BackendRef references a resource where mirrored requests are sent. /// -/// /// Mirrored requests must be sent only to a single destination endpoint /// within this BackendRef, irrespective of how many endpoints are present /// within this BackendRef. /// -/// /// If the referent cannot be found, this BackendRef is invalid and must be /// dropped from the Gateway. The controller must ensure the "ResolvedRefs" /// condition on the Route status is set to `status: False` and not configure /// this backend in the underlying implementation. /// -/// /// If there is a cross-namespace reference to an *existing* object /// that is not allowed by a ReferenceGrant, the controller must ensure the /// "ResolvedRefs" condition on the Route is set to `status: False`, /// with the "RefNotPermitted" reason and not configure this backend in the /// underlying implementation. /// -/// /// In either error case, the Message of the `ResolvedRefs` Condition /// should be used to provide more detail about the problem. /// -/// /// Support: Extended for Kubernetes Service /// -/// /// Support: Implementation-specific for any other resource #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesFiltersRequestMirrorBackendRef { @@ -1759,20 +1581,16 @@ pub struct HTTPRouteRulesFiltersRequestMirrorBackendRef { /// Kind is the Kubernetes resource kind of the referent. For example /// "Service". /// - /// /// Defaults to "Service" when not specified. /// - /// /// ExternalName services can refer to CNAME DNS records that may live /// outside of the cluster and as such are difficult to reason about in /// terms of conformance. They also may not be safe to forward to (see /// CVE-2021-25740 for more information). Implementations SHOULD NOT /// support ExternalName Services. /// - /// /// Support: Core (Services with a type other than ExternalName) /// - /// /// Support: Implementation-specific (Services with type ExternalName) #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, @@ -1781,13 +1599,11 @@ pub struct HTTPRouteRulesFiltersRequestMirrorBackendRef { /// Namespace is the namespace of the backend. When unspecified, the local /// namespace is inferred. /// - /// /// Note that when a namespace different than the local namespace is specified, /// a ReferenceGrant object is required in the referent namespace to allow that /// namespace's owner to accept the reference. See the ReferenceGrant /// documentation for details. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -1800,10 +1616,23 @@ pub struct HTTPRouteRulesFiltersRequestMirrorBackendRef { pub port: Option, } +/// Fraction represents the fraction of requests that should be +/// mirrored to BackendRef. +/// +/// Only one of Fraction or Percent may be specified. If neither field +/// is specified, 100% of requests will be mirrored. +/// +/// +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] +pub struct HTTPRouteRulesFiltersRequestMirrorFraction { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub denominator: Option, + pub numerator: i32, +} + /// RequestRedirect defines a schema for a filter that responds to the /// request with an HTTP redirection. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesFiltersRequestRedirect { @@ -1811,7 +1640,6 @@ pub struct HTTPRouteRulesFiltersRequestRedirect { /// header in the response. /// When empty, the hostname in the `Host` header of the request is used. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub hostname: Option, @@ -1819,18 +1647,15 @@ pub struct HTTPRouteRulesFiltersRequestRedirect { /// The modified path is then used to construct the `Location` header. When /// empty, the request path is used as-is. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, /// Port is the port to be used in the value of the `Location` /// header in the response. /// - /// /// If no port is specified, the redirect port MUST be derived using the /// following rules: /// - /// /// * If redirect scheme is not-empty, the redirect port MUST be the well-known /// port associated with the redirect scheme. Specifically "http" to port 80 /// and "https" to port 443. If the redirect scheme does not have a @@ -1838,52 +1663,42 @@ pub struct HTTPRouteRulesFiltersRequestRedirect { /// * If redirect scheme is empty, the redirect port MUST be the Gateway /// Listener port. /// - /// /// Implementations SHOULD NOT add the port number in the 'Location' /// header in the following cases: /// - /// /// * A Location header that will use HTTP (whether that is determined via /// the Listener protocol or the Scheme field) _and_ use port 80. /// * A Location header that will use HTTPS (whether that is determined via /// the Listener protocol or the Scheme field) _and_ use port 443. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// Scheme is the scheme to be used in the value of the `Location` header in /// the response. When empty, the scheme of the request is used. /// - /// /// Scheme redirects can affect the port of the redirect, for more information, /// refer to the documentation for the port field of this filter. /// - /// /// Note that values may be added to this enum, implementations /// must ensure that unknown values will not cause a crash. /// - /// /// Unknown values here must result in the implementation setting the /// Accepted Condition for the Route to `status: False`, with a /// Reason of `UnsupportedValue`. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, /// StatusCode is the HTTP status code to be used in response. /// - /// /// Note that values may be added to this enum, implementations /// must ensure that unknown values will not cause a crash. /// - /// /// Unknown values here must result in the implementation setting the /// Accepted Condition for the Route to `status: False`, with a /// Reason of `UnsupportedValue`. /// - /// /// Support: Core #[serde( default, @@ -1897,7 +1712,6 @@ pub struct HTTPRouteRulesFiltersRequestRedirect { /// The modified path is then used to construct the `Location` header. When /// empty, the request path is used as-is. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesFiltersRequestRedirectPath { @@ -1914,32 +1728,17 @@ pub struct HTTPRouteRulesFiltersRequestRedirectPath { /// to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch /// of "/xyz" would be modified to "/xyz/bar". /// - /// /// Note that this matches the behavior of the PathPrefix match type. This /// matches full path elements. A path element refers to the list of labels /// in the path split by the `/` separator. When specified, a trailing `/` is /// ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all /// match the prefix `/abc`, but the path `/abcd` would not. /// - /// /// ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. /// Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in /// the implementation setting the Accepted Condition for the Route to `status: False`. /// - /// /// Request Path | Prefix Match | Replace Prefix | Modified Path - /// -------------|--------------|----------------|---------- - /// /foo/bar | /foo | /xyz | /xyz/bar - /// /foo/bar | /foo | /xyz/ | /xyz/bar - /// /foo/bar | /foo/ | /xyz | /xyz/bar - /// /foo/bar | /foo/ | /xyz/ | /xyz/bar - /// /foo | /foo | /xyz | /xyz - /// /foo/ | /foo | /xyz | /xyz/ - /// /foo/bar | /foo | | /bar - /// /foo/ | /foo | | / - /// /foo | /foo | | / - /// /foo/ | /foo | / | / - /// /foo | /foo | / | / #[serde( default, skip_serializing_if = "Option::is_none", @@ -1949,11 +1748,9 @@ pub struct HTTPRouteRulesFiltersRequestRedirectPath { /// Type defines the type of path modifier. Additional types may be /// added in a future release of the API. /// - /// /// Note that values may be added to this enum, implementations /// must ensure that unknown values will not cause a crash. /// - /// /// Unknown values here must result in the implementation setting the /// Accepted Condition for the Route to `status: False`, with a /// Reason of `UnsupportedValue`. @@ -1965,7 +1762,6 @@ pub struct HTTPRouteRulesFiltersRequestRedirectPath { /// The modified path is then used to construct the `Location` header. When /// empty, the request path is used as-is. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum HTTPRouteRulesFiltersRequestRedirectPathType { @@ -1976,7 +1772,6 @@ pub enum HTTPRouteRulesFiltersRequestRedirectPathType { /// RequestRedirect defines a schema for a filter that responds to the /// request with an HTTP redirection. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum HTTPRouteRulesFiltersRequestRedirectScheme { @@ -1989,7 +1784,6 @@ pub enum HTTPRouteRulesFiltersRequestRedirectScheme { /// RequestRedirect defines a schema for a filter that responds to the /// request with an HTTP redirection. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum HTTPRouteRulesFiltersRequestRedirectStatusCode { @@ -2002,7 +1796,6 @@ pub enum HTTPRouteRulesFiltersRequestRedirectStatusCode { /// ResponseHeaderModifier defines a schema for a filter that modifies response /// headers. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesFiltersResponseHeaderModifier { @@ -2010,18 +1803,15 @@ pub struct HTTPRouteRulesFiltersResponseHeaderModifier { /// before the action. It appends to any existing values associated /// with the header name. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// add: /// - name: "my-header" /// value: "bar,baz" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: foo,bar,baz @@ -2032,18 +1822,15 @@ pub struct HTTPRouteRulesFiltersResponseHeaderModifier { /// names are case-insensitive (see /// https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header1: foo /// my-header2: bar /// my-header3: baz /// - /// /// Config: /// remove: ["my-header1", "my-header3"] /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header2: bar @@ -2052,18 +1839,15 @@ pub struct HTTPRouteRulesFiltersResponseHeaderModifier { /// Set overwrites the request with the given header (name, value) /// before the action. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// set: /// - name: "my-header" /// value: "bar" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: bar @@ -2077,7 +1861,6 @@ pub struct HTTPRouteRulesFiltersResponseHeaderModifierAdd { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -2094,7 +1877,6 @@ pub struct HTTPRouteRulesFiltersResponseHeaderModifierSet { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -2124,20 +1906,17 @@ pub enum HTTPRouteRulesFiltersType { /// URLRewrite defines a schema for a filter that modifies a request during forwarding. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesFiltersUrlRewrite { /// Hostname is the value to be used to replace the Host header value during /// forwarding. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub hostname: Option, /// Path defines a path rewrite. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, @@ -2145,7 +1924,6 @@ pub struct HTTPRouteRulesFiltersUrlRewrite { /// Path defines a path rewrite. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesFiltersUrlRewritePath { @@ -2162,32 +1940,17 @@ pub struct HTTPRouteRulesFiltersUrlRewritePath { /// to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch /// of "/xyz" would be modified to "/xyz/bar". /// - /// /// Note that this matches the behavior of the PathPrefix match type. This /// matches full path elements. A path element refers to the list of labels /// in the path split by the `/` separator. When specified, a trailing `/` is /// ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all /// match the prefix `/abc`, but the path `/abcd` would not. /// - /// /// ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. /// Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in /// the implementation setting the Accepted Condition for the Route to `status: False`. /// - /// /// Request Path | Prefix Match | Replace Prefix | Modified Path - /// -------------|--------------|----------------|---------- - /// /foo/bar | /foo | /xyz | /xyz/bar - /// /foo/bar | /foo | /xyz/ | /xyz/bar - /// /foo/bar | /foo/ | /xyz | /xyz/bar - /// /foo/bar | /foo/ | /xyz/ | /xyz/bar - /// /foo | /foo | /xyz | /xyz - /// /foo/ | /foo | /xyz | /xyz/ - /// /foo/bar | /foo | | /bar - /// /foo/ | /foo | | / - /// /foo | /foo | | / - /// /foo/ | /foo | / | / - /// /foo | /foo | / | / #[serde( default, skip_serializing_if = "Option::is_none", @@ -2197,11 +1960,9 @@ pub struct HTTPRouteRulesFiltersUrlRewritePath { /// Type defines the type of path modifier. Additional types may be /// added in a future release of the API. /// - /// /// Note that values may be added to this enum, implementations /// must ensure that unknown values will not cause a crash. /// - /// /// Unknown values here must result in the implementation setting the /// Accepted Condition for the Route to `status: False`, with a /// Reason of `UnsupportedValue`. @@ -2211,7 +1972,6 @@ pub struct HTTPRouteRulesFiltersUrlRewritePath { /// Path defines a path rewrite. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum HTTPRouteRulesFiltersUrlRewritePathType { @@ -2223,22 +1983,18 @@ pub enum HTTPRouteRulesFiltersUrlRewritePathType { /// action. Multiple match types are ANDed together, i.e. the match will /// evaluate to true only if all conditions are satisfied. /// -/// /// For example, the match below will match a HTTP request only if its path /// starts with `/foo` AND it contains the `version: v1` header: /// -/// -/// ``` +/// ```text /// match: /// -/// /// path: /// value: "/foo" /// headers: /// - name: "version" /// value "v1" /// -/// /// ``` #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesMatches { @@ -2251,7 +2007,6 @@ pub struct HTTPRouteRulesMatches { /// When specified, this route will be matched only if the request has the /// specified method. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub method: Option, @@ -2263,7 +2018,6 @@ pub struct HTTPRouteRulesMatches { /// values are ANDed together, meaning, a request must match all the /// specified query parameters to select the route. /// - /// /// Support: Extended #[serde( default, @@ -2280,14 +2034,12 @@ pub struct HTTPRouteRulesMatchesHeaders { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, only the first /// entry with an equivalent name MUST be considered for a match. Subsequent /// entries with an equivalent header name MUST be ignored. Due to the /// case-insensitivity of header names, "foo" and "Foo" are considered /// equivalent. /// - /// /// When a header is repeated in an HTTP request, it is /// implementation-specific behavior as to how this is represented. /// Generally, proxies should follow the guidance from the RFC: @@ -2296,13 +2048,10 @@ pub struct HTTPRouteRulesMatchesHeaders { pub name: String, /// Type specifies how to match against the value of the header. /// - /// /// Support: Core (Exact) /// - /// /// Support: Implementation-specific (RegularExpression) /// - /// /// Since RegularExpression HeaderMatchType has implementation-specific /// conformance, implementations can support POSIX, PCRE or any other dialects /// of regular expressions. Please read the implementation's documentation to @@ -2325,22 +2074,18 @@ pub enum HTTPRouteRulesMatchesHeadersType { /// action. Multiple match types are ANDed together, i.e. the match will /// evaluate to true only if all conditions are satisfied. /// -/// /// For example, the match below will match a HTTP request only if its path /// starts with `/foo` AND it contains the `version: v1` header: /// -/// -/// ``` +/// ```text /// match: /// -/// /// path: /// value: "/foo" /// headers: /// - name: "version" /// value "v1" /// -/// /// ``` #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum HTTPRouteRulesMatchesMethod { @@ -2370,10 +2115,8 @@ pub enum HTTPRouteRulesMatchesMethod { pub struct HTTPRouteRulesMatchesPath { /// Type specifies how to match against the path Value. /// - /// /// Support: Core (Exact, PathPrefix) /// - /// /// Support: Implementation-specific (RegularExpression) #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -2399,12 +2142,10 @@ pub struct HTTPRouteRulesMatchesQueryParams { /// exact string match. (See /// https://tools.ietf.org/html/rfc7230#section-2.7.3). /// - /// /// If multiple entries specify equivalent query param names, only the first /// entry with an equivalent name MUST be considered for a match. Subsequent /// entries with an equivalent query param name MUST be ignored. /// - /// /// If a query param is repeated in an HTTP request, the behavior is /// purposely left undefined, since different data planes have different /// capabilities. However, it is *recommended* that implementations should @@ -2412,19 +2153,15 @@ pub struct HTTPRouteRulesMatchesQueryParams { /// as this behavior is expected in other load balancing contexts outside of /// the Gateway API. /// - /// /// Users SHOULD NOT route traffic based on repeated query params to guard /// themselves against potential differences in the implementations. pub name: String, /// Type specifies how to match against the value of the query parameter. /// - /// /// Support: Extended (Exact) /// - /// /// Support: Implementation-specific (RegularExpression) /// - /// /// Since RegularExpression QueryParamMatchType has Implementation-specific /// conformance, implementations can support POSIX, PCRE or any other /// dialects of regular expressions. Please read the implementation's @@ -2443,21 +2180,83 @@ pub enum HTTPRouteRulesMatchesQueryParamsType { RegularExpression, } +/// Retry defines the configuration for when to retry an HTTP request. +/// +/// Support: Extended +/// +/// +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] +pub struct HTTPRouteRulesRetry { + /// Attempts specifies the maxmimum number of times an individual request + /// from the gateway to a backend should be retried. + /// + /// If the maximum number of retries has been attempted without a successful + /// response from the backend, the Gateway MUST return an error. + /// + /// When this field is unspecified, the number of times to attempt to retry + /// a backend request is implementation-specific. + /// + /// Support: Extended + #[serde(default, skip_serializing_if = "Option::is_none")] + pub attempts: Option, + /// Backoff specifies the minimum duration a Gateway should wait between + /// retry attempts and is represented in Gateway API Duration formatting. + /// + /// For example, setting the `rules[].retry.backoff` field to the value + /// `100ms` will cause a backend request to first be retried approximately + /// 100 milliseconds after timing out or receiving a response code configured + /// to be retryable. + /// + /// An implementation MAY use an exponential or alternative backoff strategy + /// for subsequent retry attempts, MAY cap the maximum backoff duration to + /// some amount greater than the specified minimum, and MAY add arbitrary + /// jitter to stagger requests, as long as unsuccessful backend requests are + /// not retried before the configured minimum duration. + /// + /// If a Request timeout (`rules[].timeouts.request`) is configured on the + /// route, the entire duration of the initial request and any retry attempts + /// MUST not exceed the Request timeout duration. If any retry attempts are + /// still in progress when the Request timeout duration has been reached, + /// these SHOULD be canceled if possible and the Gateway MUST immediately + /// return a timeout error. + /// + /// If a BackendRequest timeout (`rules[].timeouts.backendRequest`) is + /// configured on the route, any retry attempts which reach the configured + /// BackendRequest timeout duration without a response SHOULD be canceled if + /// possible and the Gateway should wait for at least the specified backoff + /// duration before attempting to retry the backend request again. + /// + /// If a BackendRequest timeout is _not_ configured on the route, retry + /// attempts MAY time out after an implementation default duration, or MAY + /// remain pending until a configured Request timeout or implementation + /// default duration for total request time is reached. + /// + /// When this field is unspecified, the time to wait between retry attempts + /// is implementation-specific. + /// + /// Support: Extended + #[serde(default, skip_serializing_if = "Option::is_none")] + pub backoff: Option, + /// Codes defines the HTTP response status codes for which a backend request + /// should be retried. + /// + /// Support: Extended + #[serde(default, skip_serializing_if = "Option::is_none")] + pub codes: Option>, +} + /// SessionPersistence defines and configures session persistence /// for the route rule. /// -/// /// Support: Extended /// /// -/// #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesSessionPersistence { /// AbsoluteTimeout defines the absolute timeout of the persistent /// session. Once the AbsoluteTimeout duration has elapsed, the /// session becomes invalid. /// - /// /// Support: Extended #[serde( default, @@ -2468,7 +2267,6 @@ pub struct HTTPRouteRulesSessionPersistence { /// CookieConfig provides configuration settings that are specific /// to cookie-based session persistence. /// - /// /// Support: Core #[serde( default, @@ -2480,7 +2278,6 @@ pub struct HTTPRouteRulesSessionPersistence { /// Once the session has been idle for more than the specified /// IdleTimeout duration, the session becomes invalid. /// - /// /// Support: Extended #[serde( default, @@ -2493,7 +2290,6 @@ pub struct HTTPRouteRulesSessionPersistence { /// should avoid reusing session names to prevent unintended /// consequences, such as rejection or unpredictable behavior. /// - /// /// Support: Implementation-specific #[serde( default, @@ -2505,10 +2301,8 @@ pub struct HTTPRouteRulesSessionPersistence { /// the use a header or cookie. Defaults to cookie based session /// persistence. /// - /// /// Support: Core for "Cookie" type /// - /// /// Support: Extended for "Header" type #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -2517,7 +2311,6 @@ pub struct HTTPRouteRulesSessionPersistence { /// CookieConfig provides configuration settings that are specific /// to cookie-based session persistence. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesSessionPersistenceCookieConfig { @@ -2527,20 +2320,16 @@ pub struct HTTPRouteRulesSessionPersistenceCookieConfig { /// attributes, while a session cookie is deleted when the current /// session ends. /// - /// /// When set to "Permanent", AbsoluteTimeout indicates the /// cookie's lifetime via the Expires or Max-Age cookie attributes /// and is required. /// - /// /// When set to "Session", AbsoluteTimeout indicates the /// absolute lifetime of the cookie tracked by the gateway and /// is optional. /// - /// /// Support: Core for "Session" type /// - /// /// Support: Extended for "Permanent" type #[serde( default, @@ -2553,7 +2342,6 @@ pub struct HTTPRouteRulesSessionPersistenceCookieConfig { /// CookieConfig provides configuration settings that are specific /// to cookie-based session persistence. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum HTTPRouteRulesSessionPersistenceCookieConfigLifetimeType { @@ -2564,11 +2352,9 @@ pub enum HTTPRouteRulesSessionPersistenceCookieConfigLifetimeType { /// SessionPersistence defines and configures session persistence /// for the route rule. /// -/// /// Support: Extended /// /// -/// #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum HTTPRouteRulesSessionPersistenceType { Cookie, @@ -2577,32 +2363,26 @@ pub enum HTTPRouteRulesSessionPersistenceType { /// Timeouts defines the timeouts that can be configured for an HTTP request. /// -/// /// Support: Extended -/// -/// -/// #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesTimeouts { /// BackendRequest specifies a timeout for an individual request from the gateway /// to a backend. This covers the time from when the request first starts being /// sent from the gateway to when the full response has been received from the backend. /// - /// /// Setting a timeout to the zero duration (e.g. "0s") SHOULD disable the timeout /// completely. Implementations that cannot completely disable the timeout MUST /// instead interpret the zero duration as the longest possible value to which /// the timeout can be set. /// - /// /// An entire client HTTP transaction with a gateway, covered by the Request timeout, /// may result in more than one call from the gateway to the destination backend, /// for example, if automatic retries are supported. /// - /// - /// Because the Request timeout encompasses the BackendRequest timeout, the value of - /// BackendRequest must be <= the value of Request timeout. - /// + /// The value of BackendRequest must be a Gateway API Duration string as defined by + /// GEP-2257. When this field is unspecified, its behavior is implementation-specific; + /// when specified, the value of BackendRequest must be no more than the value of the + /// Request timeout (since the Request timeout encompasses the BackendRequest timeout). /// /// Support: Extended #[serde( @@ -2615,26 +2395,22 @@ pub struct HTTPRouteRulesTimeouts { /// If the gateway has not been able to respond before this deadline is met, the gateway /// MUST return a timeout error. /// - /// /// For example, setting the `rules.timeouts.request` field to the value `10s` in an /// `HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds /// to complete. /// - /// /// Setting a timeout to the zero duration (e.g. "0s") SHOULD disable the timeout /// completely. Implementations that cannot completely disable the timeout MUST /// instead interpret the zero duration as the longest possible value to which /// the timeout can be set. /// - /// /// This timeout is intended to cover as close to the whole request-response transaction /// as possible although an implementation MAY choose to start the timeout after the entire /// request stream has been received instead of immediately after the transaction is /// initiated by the client. /// - /// - /// When this field is unspecified, request timeout behavior is implementation-specific. - /// + /// The value of Request is a Gateway API Duration string as defined by GEP-2257. When this + /// field is unspecified, request timeout behavior is implementation-specific. /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] @@ -2651,13 +2427,11 @@ pub struct HTTPRouteStatus { /// first sees the route and should update the entry as appropriate when the /// route or gateway is modified. /// - /// /// Note that parent references that cannot be resolved by an implementation /// of this API will not be added to this list. Implementations of this API /// can only populate Route status for the Gateways/parent resources they are /// responsible for. /// - /// /// A maximum of 32 Gateways will be represented in this list. An empty list /// means the route has not been attached to any Gateway. pub parents: Vec, @@ -2671,22 +2445,18 @@ pub struct HTTPRouteStatusParents { /// Note that the route's availability is also subject to the Gateway's own /// status conditions and listener status. /// - /// /// If the Route's ParentRef specifies an existing Gateway that supports /// Routes of this kind AND that Gateway's controller has sufficient access, /// then that Gateway's controller MUST set the "Accepted" condition on the /// Route, to indicate whether the route has been accepted or rejected by the /// Gateway, and why. /// - /// /// A Route MUST be considered "Accepted" if at least one of the Route's /// rules is implemented by the Gateway. /// - /// /// There are a number of cases where the "Accepted" condition may not be set /// due to lack of controller visibility, that includes when: /// - /// /// * The Route refers to a non-existent parent. /// * The Route is of a type that the controller does not support. /// * The Route is in a namespace the controller does not have access to. @@ -2696,15 +2466,12 @@ pub struct HTTPRouteStatusParents { /// controller that wrote this status. This corresponds with the /// controllerName field on GatewayClass. /// - /// /// Example: "example.net/gateway-controller". /// - /// /// The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are /// valid Kubernetes names /// (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). /// - /// /// Controllers MUST populate this field when writing status. Controllers should ensure that /// entries to status populated with their ControllerName are cleaned up when they are no /// longer necessary. @@ -2725,32 +2492,26 @@ pub struct HTTPRouteStatusParentsParentRef { /// To set the core API group (such as for a "Service" kind referent), /// Group must be explicitly set to "" (empty string). /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// Kind is kind of the referent. /// - /// /// There are two kinds of parent resources with "Core" support: /// - /// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// - /// /// Support for other resources is Implementation-Specific. #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, /// Name is the name of the referent. /// - /// /// Support: Core pub name: String, /// Namespace is the namespace of the referent. When unspecified, this refers /// to the local namespace of the Route. /// - /// /// Note that there are specific rules for ParentRefs which cross namespace /// boundaries. Cross-namespace references are only valid if they are explicitly /// allowed by something in the namespace they are referring to. For example: @@ -2758,12 +2519,10 @@ pub struct HTTPRouteStatusParentsParentRef { /// generic way to enable any other kind of cross-namespace reference. /// /// - /// /// ParentRefs from a Route to a Service in the same namespace are "producer" /// routes, which apply default routing rules to inbound connections from /// any namespace to the Service. /// - /// /// ParentRefs from a Route to a Service in a different namespace are /// "consumer" routes, and these routing rules are only applied to outbound /// connections originating from the same namespace as the Route, for which @@ -2771,14 +2530,12 @@ pub struct HTTPRouteStatusParentsParentRef { /// ParentRef of the Route. /// /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Port is the network port this Route targets. It can be interpreted /// differently based on the type of parent resource. /// - /// /// When the parent resource is a Gateway, this targets all listeners /// listening on the specified port that also support this kind of Route(and /// select this Route). It's not recommended to set `Port` unless the @@ -2788,18 +2545,15 @@ pub struct HTTPRouteStatusParentsParentRef { /// must match both specified values. /// /// - /// /// When the parent resource is a Service, this targets a specific port in the /// Service spec. When both Port (experimental) and SectionName are specified, /// the name and port of the selected port must match both specified values. /// /// - /// /// Implementations MAY choose to support other parent resources. /// Implementations supporting other types of parent resources MUST clearly /// document how/if Port is interpreted. /// - /// /// For the purpose of status, an attachment is considered successful as /// long as the parent resource accepts it partially. For example, Gateway /// listeners can restrict which Routes can attach to them by Route kind, @@ -2808,14 +2562,12 @@ pub struct HTTPRouteStatusParentsParentRef { /// attached. If no Gateway listeners accept attachment from this Route, /// the Route MUST be considered detached from the Gateway. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// SectionName is the name of a section within the target resource. In the /// following resources, SectionName is interpreted as the following: /// - /// /// * Gateway: Listener name. When both Port (experimental) and SectionName /// are specified, the name and port of the selected listener must match /// both specified values. @@ -2823,12 +2575,10 @@ pub struct HTTPRouteStatusParentsParentRef { /// are specified, the name and port of the selected listener must match /// both specified values. /// - /// /// Implementations MAY choose to support attaching Routes to other resources. /// If that is the case, they MUST clearly document how SectionName is /// interpreted. /// - /// /// When unspecified (empty string), this will reference the entire resource. /// For the purpose of status, an attachment is considered successful if at /// least one section in the parent resource accepts it. For example, Gateway @@ -2838,7 +2588,6 @@ pub struct HTTPRouteStatusParentsParentRef { /// attached. If no Gateway listeners accept attachment from this Route, the /// Route MUST be considered detached from the Gateway. /// - /// /// Support: Core #[serde( default, diff --git a/gateway-api/src/apis/experimental/referencegrants.rs b/gateway-api/src/apis/experimental/referencegrants.rs index 64a65b7..f3cab13 100644 --- a/gateway-api/src/apis/experimental/referencegrants.rs +++ b/gateway-api/src/apis/experimental/referencegrants.rs @@ -1,6 +1,6 @@ // WARNING: generated by kopium - manual changes will be overwritten // kopium command: kopium --schema=derived --derive=JsonSchema --derive=Default --derive=PartialEq --docs -f - -// kopium version: 0.20.1 +// kopium version: 0.21.1 #[allow(unused_imports)] mod prelude { @@ -27,7 +27,6 @@ pub struct ReferenceGrantSpec { /// to be an additional place that references can be valid from, or to put /// this another way, entries MUST be combined using OR. /// - /// /// Support: Core pub from: Vec, /// To describes the resources that may be referenced by the resources @@ -35,7 +34,6 @@ pub struct ReferenceGrantSpec { /// additional place that references can be valid to, or to put this another /// way, entries MUST be combined using OR. /// - /// /// Support: Core pub to: Vec, } @@ -46,23 +44,18 @@ pub struct ReferenceGrantFrom { /// Group is the group of the referent. /// When empty, the Kubernetes core API group is inferred. /// - /// /// Support: Core pub group: String, /// Kind is the kind of the referent. Although implementations may support /// additional resources, the following types are part of the "Core" /// support level for this field. /// - /// /// When used to permit a SecretObjectReference: /// - /// /// * Gateway /// - /// /// When used to permit a BackendObjectReference: /// - /// /// * GRPCRoute /// * HTTPRoute /// * TCPRoute @@ -71,7 +64,6 @@ pub struct ReferenceGrantFrom { pub kind: String, /// Namespace is the namespace of the referent. /// - /// /// Support: Core pub namespace: String, } @@ -83,14 +75,12 @@ pub struct ReferenceGrantTo { /// Group is the group of the referent. /// When empty, the Kubernetes core API group is inferred. /// - /// /// Support: Core pub group: String, /// Kind is the kind of the referent. Although implementations may support /// additional resources, the following types are part of the "Core" /// support level for this field: /// - /// /// * Secret when used to permit a SecretObjectReference /// * Service when used to permit a BackendObjectReference pub kind: String, diff --git a/gateway-api/src/apis/experimental/tcproutes.rs b/gateway-api/src/apis/experimental/tcproutes.rs index 88ed20c..a8b9469 100644 --- a/gateway-api/src/apis/experimental/tcproutes.rs +++ b/gateway-api/src/apis/experimental/tcproutes.rs @@ -1,6 +1,6 @@ // WARNING: generated by kopium - manual changes will be overwritten // kopium command: kopium --schema=derived --derive=JsonSchema --derive=Default --derive=PartialEq --docs -f - -// kopium version: 0.20.1 +// kopium version: 0.21.1 #[allow(unused_imports)] mod prelude { @@ -35,21 +35,16 @@ pub struct TCPRouteSpec { /// create a "producer" route for a Service in a different namespace from the /// Route. /// - /// /// There are two kinds of parent resources with "Core" support: /// - /// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// - /// /// This API may be extended in the future to support additional kinds of parent /// resources. /// - /// /// ParentRefs must be _distinct_. This means either that: /// - /// /// * They select different objects. If this is the case, then parentRef /// entries are distinct. In terms of fields, this means that the /// multi-part key defined by `group`, `kind`, `namespace`, and `name` must @@ -59,10 +54,8 @@ pub struct TCPRouteSpec { /// optional fields to different values. If one ParentRef sets a /// combination of optional fields, all must set the same combination. /// - /// /// Some examples: /// - /// /// * If one ParentRef sets `sectionName`, all ParentRefs referencing the /// same object must also set `sectionName`. /// * If one ParentRef sets `port`, all ParentRefs referencing the same @@ -70,14 +63,12 @@ pub struct TCPRouteSpec { /// * If one ParentRef sets `sectionName` and `port`, all ParentRefs /// referencing the same object must also set `sectionName` and `port`. /// - /// /// It is possible to separately reference multiple distinct objects that may /// be collapsed by an implementation. For example, some implementations may /// choose to merge compatible Gateway Listeners together. If that is the /// case, the list of routes attached to those resources should also be /// merged. /// - /// /// Note that for ParentRefs that cross namespace boundaries, there are specific /// rules. Cross-namespace references are only valid if they are explicitly /// allowed by something in the namespace they are referring to. For example, @@ -85,12 +76,10 @@ pub struct TCPRouteSpec { /// generic way to enable other kinds of cross-namespace reference. /// /// - /// /// ParentRefs from a Route to a Service in the same namespace are "producer" /// routes, which apply default routing rules to inbound connections from /// any namespace to the Service. /// - /// /// ParentRefs from a Route to a Service in a different namespace are /// "consumer" routes, and these routing rules are only applied to outbound /// connections originating from the same namespace as the Route, for which @@ -102,7 +91,6 @@ pub struct TCPRouteSpec { /// /// /// - /// #[serde( default, skip_serializing_if = "Option::is_none", @@ -110,6 +98,8 @@ pub struct TCPRouteSpec { )] pub parent_refs: Option>, /// Rules are a list of TCP matchers and actions. + /// + /// pub rules: Vec, } @@ -117,15 +107,12 @@ pub struct TCPRouteSpec { /// a parent of this resource (usually a route). There are two kinds of parent resources /// with "Core" support: /// -/// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// -/// /// This API may be extended in the future to support additional kinds of parent /// resources. /// -/// /// The API object must be valid in the cluster; the Group and Kind must /// be registered in the cluster for this reference to be valid. #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] @@ -135,32 +122,26 @@ pub struct TCPRouteParentRefs { /// To set the core API group (such as for a "Service" kind referent), /// Group must be explicitly set to "" (empty string). /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// Kind is kind of the referent. /// - /// /// There are two kinds of parent resources with "Core" support: /// - /// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// - /// /// Support for other resources is Implementation-Specific. #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, /// Name is the name of the referent. /// - /// /// Support: Core pub name: String, /// Namespace is the namespace of the referent. When unspecified, this refers /// to the local namespace of the Route. /// - /// /// Note that there are specific rules for ParentRefs which cross namespace /// boundaries. Cross-namespace references are only valid if they are explicitly /// allowed by something in the namespace they are referring to. For example: @@ -168,12 +149,10 @@ pub struct TCPRouteParentRefs { /// generic way to enable any other kind of cross-namespace reference. /// /// - /// /// ParentRefs from a Route to a Service in the same namespace are "producer" /// routes, which apply default routing rules to inbound connections from /// any namespace to the Service. /// - /// /// ParentRefs from a Route to a Service in a different namespace are /// "consumer" routes, and these routing rules are only applied to outbound /// connections originating from the same namespace as the Route, for which @@ -181,14 +160,12 @@ pub struct TCPRouteParentRefs { /// ParentRef of the Route. /// /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Port is the network port this Route targets. It can be interpreted /// differently based on the type of parent resource. /// - /// /// When the parent resource is a Gateway, this targets all listeners /// listening on the specified port that also support this kind of Route(and /// select this Route). It's not recommended to set `Port` unless the @@ -198,18 +175,15 @@ pub struct TCPRouteParentRefs { /// must match both specified values. /// /// - /// /// When the parent resource is a Service, this targets a specific port in the /// Service spec. When both Port (experimental) and SectionName are specified, /// the name and port of the selected port must match both specified values. /// /// - /// /// Implementations MAY choose to support other parent resources. /// Implementations supporting other types of parent resources MUST clearly /// document how/if Port is interpreted. /// - /// /// For the purpose of status, an attachment is considered successful as /// long as the parent resource accepts it partially. For example, Gateway /// listeners can restrict which Routes can attach to them by Route kind, @@ -218,14 +192,12 @@ pub struct TCPRouteParentRefs { /// attached. If no Gateway listeners accept attachment from this Route, /// the Route MUST be considered detached from the Gateway. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// SectionName is the name of a section within the target resource. In the /// following resources, SectionName is interpreted as the following: /// - /// /// * Gateway: Listener name. When both Port (experimental) and SectionName /// are specified, the name and port of the selected listener must match /// both specified values. @@ -233,12 +205,10 @@ pub struct TCPRouteParentRefs { /// are specified, the name and port of the selected listener must match /// both specified values. /// - /// /// Implementations MAY choose to support attaching Routes to other resources. /// If that is the case, they MUST clearly document how SectionName is /// interpreted. /// - /// /// When unspecified (empty string), this will reference the entire resource. /// For the purpose of status, an attachment is considered successful if at /// least one section in the parent resource accepts it. For example, Gateway @@ -248,7 +218,6 @@ pub struct TCPRouteParentRefs { /// attached. If no Gateway listeners accept attachment from this Route, the /// Route MUST be considered detached from the Gateway. /// - /// /// Support: Core #[serde( default, @@ -268,16 +237,12 @@ pub struct TCPRouteRules { /// respect weight; if an invalid backend is requested to have 80% of /// connections, then 80% of connections must be rejected instead. /// - /// /// Support: Core for Kubernetes Service /// - /// /// Support: Extended for Kubernetes ServiceImport /// - /// /// Support: Implementation-specific for any other resource /// - /// /// Support for weight: Extended #[serde( default, @@ -285,42 +250,39 @@ pub struct TCPRouteRules { rename = "backendRefs" )] pub backend_refs: Option>, + /// Name is the name of the route rule. This name MUST be unique within a Route if it is set. + /// + /// Support: Extended + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, } /// BackendRef defines how a Route should forward a request to a Kubernetes /// resource. /// -/// /// Note that when a namespace different than the local namespace is specified, a /// ReferenceGrant object is required in the referent namespace to allow that /// namespace's owner to accept the reference. See the ReferenceGrant /// documentation for details. /// -/// /// /// -/// /// When the BackendRef points to a Kubernetes Service, implementations SHOULD /// honor the appProtocol field if it is set for the target Service Port. /// -/// /// Implementations supporting appProtocol SHOULD recognize the Kubernetes /// Standard Application Protocols defined in KEP-3726. /// -/// /// If a Service appProtocol isn't specified, an implementation MAY infer the /// backend protocol through its own means. Implementations MAY infer the /// protocol from the Route type referring to the backend Service. /// -/// /// If a Route is not able to send traffic to the backend using the specified /// protocol then the backend is considered invalid. Implementations MUST set the /// "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason. /// -/// /// /// -/// /// Note that when the BackendTLSPolicy object is enabled by the implementation, /// there are some extra rules about validity to consider here. See the fields /// where this struct is used for more information about the exact behavior. @@ -333,20 +295,16 @@ pub struct TCPRouteRulesBackendRefs { /// Kind is the Kubernetes resource kind of the referent. For example /// "Service". /// - /// /// Defaults to "Service" when not specified. /// - /// /// ExternalName services can refer to CNAME DNS records that may live /// outside of the cluster and as such are difficult to reason about in /// terms of conformance. They also may not be safe to forward to (see /// CVE-2021-25740 for more information). Implementations SHOULD NOT /// support ExternalName Services. /// - /// /// Support: Core (Services with a type other than ExternalName) /// - /// /// Support: Implementation-specific (Services with type ExternalName) #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, @@ -355,13 +313,11 @@ pub struct TCPRouteRulesBackendRefs { /// Namespace is the namespace of the backend. When unspecified, the local /// namespace is inferred. /// - /// /// Note that when a namespace different than the local namespace is specified, /// a ReferenceGrant object is required in the referent namespace to allow that /// namespace's owner to accept the reference. See the ReferenceGrant /// documentation for details. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -379,13 +335,11 @@ pub struct TCPRouteRulesBackendRefs { /// implementation supports. Weight is not a percentage and the sum of /// weights does not need to equal 100. /// - /// /// If only one backend is specified and it has a weight greater than 0, 100% /// of the traffic is forwarded to that backend. If weight is set to 0, no /// traffic should be forwarded for this entry. If unspecified, weight /// defaults to 1. /// - /// /// Support for this field varies based on the context where used. #[serde(default, skip_serializing_if = "Option::is_none")] pub weight: Option, @@ -401,13 +355,11 @@ pub struct TCPRouteStatus { /// first sees the route and should update the entry as appropriate when the /// route or gateway is modified. /// - /// /// Note that parent references that cannot be resolved by an implementation /// of this API will not be added to this list. Implementations of this API /// can only populate Route status for the Gateways/parent resources they are /// responsible for. /// - /// /// A maximum of 32 Gateways will be represented in this list. An empty list /// means the route has not been attached to any Gateway. pub parents: Vec, @@ -421,22 +373,18 @@ pub struct TCPRouteStatusParents { /// Note that the route's availability is also subject to the Gateway's own /// status conditions and listener status. /// - /// /// If the Route's ParentRef specifies an existing Gateway that supports /// Routes of this kind AND that Gateway's controller has sufficient access, /// then that Gateway's controller MUST set the "Accepted" condition on the /// Route, to indicate whether the route has been accepted or rejected by the /// Gateway, and why. /// - /// /// A Route MUST be considered "Accepted" if at least one of the Route's /// rules is implemented by the Gateway. /// - /// /// There are a number of cases where the "Accepted" condition may not be set /// due to lack of controller visibility, that includes when: /// - /// /// * The Route refers to a non-existent parent. /// * The Route is of a type that the controller does not support. /// * The Route is in a namespace the controller does not have access to. @@ -446,15 +394,12 @@ pub struct TCPRouteStatusParents { /// controller that wrote this status. This corresponds with the /// controllerName field on GatewayClass. /// - /// /// Example: "example.net/gateway-controller". /// - /// /// The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are /// valid Kubernetes names /// (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). /// - /// /// Controllers MUST populate this field when writing status. Controllers should ensure that /// entries to status populated with their ControllerName are cleaned up when they are no /// longer necessary. @@ -475,32 +420,26 @@ pub struct TCPRouteStatusParentsParentRef { /// To set the core API group (such as for a "Service" kind referent), /// Group must be explicitly set to "" (empty string). /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// Kind is kind of the referent. /// - /// /// There are two kinds of parent resources with "Core" support: /// - /// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// - /// /// Support for other resources is Implementation-Specific. #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, /// Name is the name of the referent. /// - /// /// Support: Core pub name: String, /// Namespace is the namespace of the referent. When unspecified, this refers /// to the local namespace of the Route. /// - /// /// Note that there are specific rules for ParentRefs which cross namespace /// boundaries. Cross-namespace references are only valid if they are explicitly /// allowed by something in the namespace they are referring to. For example: @@ -508,12 +447,10 @@ pub struct TCPRouteStatusParentsParentRef { /// generic way to enable any other kind of cross-namespace reference. /// /// - /// /// ParentRefs from a Route to a Service in the same namespace are "producer" /// routes, which apply default routing rules to inbound connections from /// any namespace to the Service. /// - /// /// ParentRefs from a Route to a Service in a different namespace are /// "consumer" routes, and these routing rules are only applied to outbound /// connections originating from the same namespace as the Route, for which @@ -521,14 +458,12 @@ pub struct TCPRouteStatusParentsParentRef { /// ParentRef of the Route. /// /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Port is the network port this Route targets. It can be interpreted /// differently based on the type of parent resource. /// - /// /// When the parent resource is a Gateway, this targets all listeners /// listening on the specified port that also support this kind of Route(and /// select this Route). It's not recommended to set `Port` unless the @@ -538,18 +473,15 @@ pub struct TCPRouteStatusParentsParentRef { /// must match both specified values. /// /// - /// /// When the parent resource is a Service, this targets a specific port in the /// Service spec. When both Port (experimental) and SectionName are specified, /// the name and port of the selected port must match both specified values. /// /// - /// /// Implementations MAY choose to support other parent resources. /// Implementations supporting other types of parent resources MUST clearly /// document how/if Port is interpreted. /// - /// /// For the purpose of status, an attachment is considered successful as /// long as the parent resource accepts it partially. For example, Gateway /// listeners can restrict which Routes can attach to them by Route kind, @@ -558,14 +490,12 @@ pub struct TCPRouteStatusParentsParentRef { /// attached. If no Gateway listeners accept attachment from this Route, /// the Route MUST be considered detached from the Gateway. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// SectionName is the name of a section within the target resource. In the /// following resources, SectionName is interpreted as the following: /// - /// /// * Gateway: Listener name. When both Port (experimental) and SectionName /// are specified, the name and port of the selected listener must match /// both specified values. @@ -573,12 +503,10 @@ pub struct TCPRouteStatusParentsParentRef { /// are specified, the name and port of the selected listener must match /// both specified values. /// - /// /// Implementations MAY choose to support attaching Routes to other resources. /// If that is the case, they MUST clearly document how SectionName is /// interpreted. /// - /// /// When unspecified (empty string), this will reference the entire resource. /// For the purpose of status, an attachment is considered successful if at /// least one section in the parent resource accepts it. For example, Gateway @@ -588,7 +516,6 @@ pub struct TCPRouteStatusParentsParentRef { /// attached. If no Gateway listeners accept attachment from this Route, the /// Route MUST be considered detached from the Gateway. /// - /// /// Support: Core #[serde( default, diff --git a/gateway-api/src/apis/experimental/tlsroutes.rs b/gateway-api/src/apis/experimental/tlsroutes.rs index 02e5edd..0155efd 100644 --- a/gateway-api/src/apis/experimental/tlsroutes.rs +++ b/gateway-api/src/apis/experimental/tlsroutes.rs @@ -1,6 +1,6 @@ // WARNING: generated by kopium - manual changes will be overwritten // kopium command: kopium --schema=derived --derive=JsonSchema --derive=Default --derive=PartialEq --docs -f - -// kopium version: 0.20.1 +// kopium version: 0.21.1 #[allow(unused_imports)] mod prelude { @@ -28,17 +28,14 @@ pub struct TLSRouteSpec { /// SNI attribute of TLS ClientHello message in TLS handshake. This matches /// the RFC 1123 definition of a hostname with 2 notable exceptions: /// - /// /// 1. IPs are not allowed in SNI names per RFC 6066. /// 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard /// label must appear by itself as the first label. /// - /// /// If a hostname is specified by both the Listener and TLSRoute, there /// must be at least one intersecting hostname for the TLSRoute to be /// attached to the Listener. For example: /// - /// /// * A Listener with `test.example.com` as the hostname matches TLSRoutes /// that have either not specified any hostnames, or have specified at /// least one of `test.example.com` or `*.example.com`. @@ -48,20 +45,17 @@ pub struct TLSRouteSpec { /// `test.example.com` and `*.example.com` would both match. On the other /// hand, `example.com` and `test.example.net` would not match. /// - /// /// If both the Listener and TLSRoute have specified hostnames, any /// TLSRoute hostnames that do not match the Listener hostname MUST be /// ignored. For example, if a Listener specified `*.example.com`, and the /// TLSRoute specified `test.example.com` and `test.example.net`, /// `test.example.net` must not be considered for a match. /// - /// /// If both the Listener and TLSRoute have specified hostnames, and none /// match with the criteria above, then the TLSRoute is not accepted. The /// implementation must raise an 'Accepted' Condition with a status of /// `False` in the corresponding RouteParentStatus. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub hostnames: Option>, @@ -76,21 +70,16 @@ pub struct TLSRouteSpec { /// create a "producer" route for a Service in a different namespace from the /// Route. /// - /// /// There are two kinds of parent resources with "Core" support: /// - /// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// - /// /// This API may be extended in the future to support additional kinds of parent /// resources. /// - /// /// ParentRefs must be _distinct_. This means either that: /// - /// /// * They select different objects. If this is the case, then parentRef /// entries are distinct. In terms of fields, this means that the /// multi-part key defined by `group`, `kind`, `namespace`, and `name` must @@ -100,10 +89,8 @@ pub struct TLSRouteSpec { /// optional fields to different values. If one ParentRef sets a /// combination of optional fields, all must set the same combination. /// - /// /// Some examples: /// - /// /// * If one ParentRef sets `sectionName`, all ParentRefs referencing the /// same object must also set `sectionName`. /// * If one ParentRef sets `port`, all ParentRefs referencing the same @@ -111,14 +98,12 @@ pub struct TLSRouteSpec { /// * If one ParentRef sets `sectionName` and `port`, all ParentRefs /// referencing the same object must also set `sectionName` and `port`. /// - /// /// It is possible to separately reference multiple distinct objects that may /// be collapsed by an implementation. For example, some implementations may /// choose to merge compatible Gateway Listeners together. If that is the /// case, the list of routes attached to those resources should also be /// merged. /// - /// /// Note that for ParentRefs that cross namespace boundaries, there are specific /// rules. Cross-namespace references are only valid if they are explicitly /// allowed by something in the namespace they are referring to. For example, @@ -126,12 +111,10 @@ pub struct TLSRouteSpec { /// generic way to enable other kinds of cross-namespace reference. /// /// - /// /// ParentRefs from a Route to a Service in the same namespace are "producer" /// routes, which apply default routing rules to inbound connections from /// any namespace to the Service. /// - /// /// ParentRefs from a Route to a Service in a different namespace are /// "consumer" routes, and these routing rules are only applied to outbound /// connections originating from the same namespace as the Route, for which @@ -143,7 +126,6 @@ pub struct TLSRouteSpec { /// /// /// - /// #[serde( default, skip_serializing_if = "Option::is_none", @@ -151,6 +133,8 @@ pub struct TLSRouteSpec { )] pub parent_refs: Option>, /// Rules are a list of TLS matchers and actions. + /// + /// pub rules: Vec, } @@ -158,15 +142,12 @@ pub struct TLSRouteSpec { /// a parent of this resource (usually a route). There are two kinds of parent resources /// with "Core" support: /// -/// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// -/// /// This API may be extended in the future to support additional kinds of parent /// resources. /// -/// /// The API object must be valid in the cluster; the Group and Kind must /// be registered in the cluster for this reference to be valid. #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] @@ -176,32 +157,26 @@ pub struct TLSRouteParentRefs { /// To set the core API group (such as for a "Service" kind referent), /// Group must be explicitly set to "" (empty string). /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// Kind is kind of the referent. /// - /// /// There are two kinds of parent resources with "Core" support: /// - /// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// - /// /// Support for other resources is Implementation-Specific. #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, /// Name is the name of the referent. /// - /// /// Support: Core pub name: String, /// Namespace is the namespace of the referent. When unspecified, this refers /// to the local namespace of the Route. /// - /// /// Note that there are specific rules for ParentRefs which cross namespace /// boundaries. Cross-namespace references are only valid if they are explicitly /// allowed by something in the namespace they are referring to. For example: @@ -209,12 +184,10 @@ pub struct TLSRouteParentRefs { /// generic way to enable any other kind of cross-namespace reference. /// /// - /// /// ParentRefs from a Route to a Service in the same namespace are "producer" /// routes, which apply default routing rules to inbound connections from /// any namespace to the Service. /// - /// /// ParentRefs from a Route to a Service in a different namespace are /// "consumer" routes, and these routing rules are only applied to outbound /// connections originating from the same namespace as the Route, for which @@ -222,14 +195,12 @@ pub struct TLSRouteParentRefs { /// ParentRef of the Route. /// /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Port is the network port this Route targets. It can be interpreted /// differently based on the type of parent resource. /// - /// /// When the parent resource is a Gateway, this targets all listeners /// listening on the specified port that also support this kind of Route(and /// select this Route). It's not recommended to set `Port` unless the @@ -239,18 +210,15 @@ pub struct TLSRouteParentRefs { /// must match both specified values. /// /// - /// /// When the parent resource is a Service, this targets a specific port in the /// Service spec. When both Port (experimental) and SectionName are specified, /// the name and port of the selected port must match both specified values. /// /// - /// /// Implementations MAY choose to support other parent resources. /// Implementations supporting other types of parent resources MUST clearly /// document how/if Port is interpreted. /// - /// /// For the purpose of status, an attachment is considered successful as /// long as the parent resource accepts it partially. For example, Gateway /// listeners can restrict which Routes can attach to them by Route kind, @@ -259,14 +227,12 @@ pub struct TLSRouteParentRefs { /// attached. If no Gateway listeners accept attachment from this Route, /// the Route MUST be considered detached from the Gateway. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// SectionName is the name of a section within the target resource. In the /// following resources, SectionName is interpreted as the following: /// - /// /// * Gateway: Listener name. When both Port (experimental) and SectionName /// are specified, the name and port of the selected listener must match /// both specified values. @@ -274,12 +240,10 @@ pub struct TLSRouteParentRefs { /// are specified, the name and port of the selected listener must match /// both specified values. /// - /// /// Implementations MAY choose to support attaching Routes to other resources. /// If that is the case, they MUST clearly document how SectionName is /// interpreted. /// - /// /// When unspecified (empty string), this will reference the entire resource. /// For the purpose of status, an attachment is considered successful if at /// least one section in the parent resource accepts it. For example, Gateway @@ -289,7 +253,6 @@ pub struct TLSRouteParentRefs { /// attached. If no Gateway listeners accept attachment from this Route, the /// Route MUST be considered detached from the Gateway. /// - /// /// Support: Core #[serde( default, @@ -312,16 +275,12 @@ pub struct TLSRouteRules { /// requested to have 80% of requests, then 80% of requests must be rejected /// instead. /// - /// /// Support: Core for Kubernetes Service /// - /// /// Support: Extended for Kubernetes ServiceImport /// - /// /// Support: Implementation-specific for any other resource /// - /// /// Support for weight: Extended #[serde( default, @@ -329,42 +288,39 @@ pub struct TLSRouteRules { rename = "backendRefs" )] pub backend_refs: Option>, + /// Name is the name of the route rule. This name MUST be unique within a Route if it is set. + /// + /// Support: Extended + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, } /// BackendRef defines how a Route should forward a request to a Kubernetes /// resource. /// -/// /// Note that when a namespace different than the local namespace is specified, a /// ReferenceGrant object is required in the referent namespace to allow that /// namespace's owner to accept the reference. See the ReferenceGrant /// documentation for details. /// -/// /// /// -/// /// When the BackendRef points to a Kubernetes Service, implementations SHOULD /// honor the appProtocol field if it is set for the target Service Port. /// -/// /// Implementations supporting appProtocol SHOULD recognize the Kubernetes /// Standard Application Protocols defined in KEP-3726. /// -/// /// If a Service appProtocol isn't specified, an implementation MAY infer the /// backend protocol through its own means. Implementations MAY infer the /// protocol from the Route type referring to the backend Service. /// -/// /// If a Route is not able to send traffic to the backend using the specified /// protocol then the backend is considered invalid. Implementations MUST set the /// "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason. /// -/// /// /// -/// /// Note that when the BackendTLSPolicy object is enabled by the implementation, /// there are some extra rules about validity to consider here. See the fields /// where this struct is used for more information about the exact behavior. @@ -377,20 +333,16 @@ pub struct TLSRouteRulesBackendRefs { /// Kind is the Kubernetes resource kind of the referent. For example /// "Service". /// - /// /// Defaults to "Service" when not specified. /// - /// /// ExternalName services can refer to CNAME DNS records that may live /// outside of the cluster and as such are difficult to reason about in /// terms of conformance. They also may not be safe to forward to (see /// CVE-2021-25740 for more information). Implementations SHOULD NOT /// support ExternalName Services. /// - /// /// Support: Core (Services with a type other than ExternalName) /// - /// /// Support: Implementation-specific (Services with type ExternalName) #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, @@ -399,13 +351,11 @@ pub struct TLSRouteRulesBackendRefs { /// Namespace is the namespace of the backend. When unspecified, the local /// namespace is inferred. /// - /// /// Note that when a namespace different than the local namespace is specified, /// a ReferenceGrant object is required in the referent namespace to allow that /// namespace's owner to accept the reference. See the ReferenceGrant /// documentation for details. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -423,13 +373,11 @@ pub struct TLSRouteRulesBackendRefs { /// implementation supports. Weight is not a percentage and the sum of /// weights does not need to equal 100. /// - /// /// If only one backend is specified and it has a weight greater than 0, 100% /// of the traffic is forwarded to that backend. If weight is set to 0, no /// traffic should be forwarded for this entry. If unspecified, weight /// defaults to 1. /// - /// /// Support for this field varies based on the context where used. #[serde(default, skip_serializing_if = "Option::is_none")] pub weight: Option, @@ -445,13 +393,11 @@ pub struct TLSRouteStatus { /// first sees the route and should update the entry as appropriate when the /// route or gateway is modified. /// - /// /// Note that parent references that cannot be resolved by an implementation /// of this API will not be added to this list. Implementations of this API /// can only populate Route status for the Gateways/parent resources they are /// responsible for. /// - /// /// A maximum of 32 Gateways will be represented in this list. An empty list /// means the route has not been attached to any Gateway. pub parents: Vec, @@ -465,22 +411,18 @@ pub struct TLSRouteStatusParents { /// Note that the route's availability is also subject to the Gateway's own /// status conditions and listener status. /// - /// /// If the Route's ParentRef specifies an existing Gateway that supports /// Routes of this kind AND that Gateway's controller has sufficient access, /// then that Gateway's controller MUST set the "Accepted" condition on the /// Route, to indicate whether the route has been accepted or rejected by the /// Gateway, and why. /// - /// /// A Route MUST be considered "Accepted" if at least one of the Route's /// rules is implemented by the Gateway. /// - /// /// There are a number of cases where the "Accepted" condition may not be set /// due to lack of controller visibility, that includes when: /// - /// /// * The Route refers to a non-existent parent. /// * The Route is of a type that the controller does not support. /// * The Route is in a namespace the controller does not have access to. @@ -490,15 +432,12 @@ pub struct TLSRouteStatusParents { /// controller that wrote this status. This corresponds with the /// controllerName field on GatewayClass. /// - /// /// Example: "example.net/gateway-controller". /// - /// /// The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are /// valid Kubernetes names /// (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). /// - /// /// Controllers MUST populate this field when writing status. Controllers should ensure that /// entries to status populated with their ControllerName are cleaned up when they are no /// longer necessary. @@ -519,32 +458,26 @@ pub struct TLSRouteStatusParentsParentRef { /// To set the core API group (such as for a "Service" kind referent), /// Group must be explicitly set to "" (empty string). /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// Kind is kind of the referent. /// - /// /// There are two kinds of parent resources with "Core" support: /// - /// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// - /// /// Support for other resources is Implementation-Specific. #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, /// Name is the name of the referent. /// - /// /// Support: Core pub name: String, /// Namespace is the namespace of the referent. When unspecified, this refers /// to the local namespace of the Route. /// - /// /// Note that there are specific rules for ParentRefs which cross namespace /// boundaries. Cross-namespace references are only valid if they are explicitly /// allowed by something in the namespace they are referring to. For example: @@ -552,12 +485,10 @@ pub struct TLSRouteStatusParentsParentRef { /// generic way to enable any other kind of cross-namespace reference. /// /// - /// /// ParentRefs from a Route to a Service in the same namespace are "producer" /// routes, which apply default routing rules to inbound connections from /// any namespace to the Service. /// - /// /// ParentRefs from a Route to a Service in a different namespace are /// "consumer" routes, and these routing rules are only applied to outbound /// connections originating from the same namespace as the Route, for which @@ -565,14 +496,12 @@ pub struct TLSRouteStatusParentsParentRef { /// ParentRef of the Route. /// /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Port is the network port this Route targets. It can be interpreted /// differently based on the type of parent resource. /// - /// /// When the parent resource is a Gateway, this targets all listeners /// listening on the specified port that also support this kind of Route(and /// select this Route). It's not recommended to set `Port` unless the @@ -582,18 +511,15 @@ pub struct TLSRouteStatusParentsParentRef { /// must match both specified values. /// /// - /// /// When the parent resource is a Service, this targets a specific port in the /// Service spec. When both Port (experimental) and SectionName are specified, /// the name and port of the selected port must match both specified values. /// /// - /// /// Implementations MAY choose to support other parent resources. /// Implementations supporting other types of parent resources MUST clearly /// document how/if Port is interpreted. /// - /// /// For the purpose of status, an attachment is considered successful as /// long as the parent resource accepts it partially. For example, Gateway /// listeners can restrict which Routes can attach to them by Route kind, @@ -602,14 +528,12 @@ pub struct TLSRouteStatusParentsParentRef { /// attached. If no Gateway listeners accept attachment from this Route, /// the Route MUST be considered detached from the Gateway. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// SectionName is the name of a section within the target resource. In the /// following resources, SectionName is interpreted as the following: /// - /// /// * Gateway: Listener name. When both Port (experimental) and SectionName /// are specified, the name and port of the selected listener must match /// both specified values. @@ -617,12 +541,10 @@ pub struct TLSRouteStatusParentsParentRef { /// are specified, the name and port of the selected listener must match /// both specified values. /// - /// /// Implementations MAY choose to support attaching Routes to other resources. /// If that is the case, they MUST clearly document how SectionName is /// interpreted. /// - /// /// When unspecified (empty string), this will reference the entire resource. /// For the purpose of status, an attachment is considered successful if at /// least one section in the parent resource accepts it. For example, Gateway @@ -632,7 +554,6 @@ pub struct TLSRouteStatusParentsParentRef { /// attached. If no Gateway listeners accept attachment from this Route, the /// Route MUST be considered detached from the Gateway. /// - /// /// Support: Core #[serde( default, diff --git a/gateway-api/src/apis/experimental/udproutes.rs b/gateway-api/src/apis/experimental/udproutes.rs index 56375cc..842f5c0 100644 --- a/gateway-api/src/apis/experimental/udproutes.rs +++ b/gateway-api/src/apis/experimental/udproutes.rs @@ -1,6 +1,6 @@ // WARNING: generated by kopium - manual changes will be overwritten // kopium command: kopium --schema=derived --derive=JsonSchema --derive=Default --derive=PartialEq --docs -f - -// kopium version: 0.20.1 +// kopium version: 0.21.1 #[allow(unused_imports)] mod prelude { @@ -35,21 +35,16 @@ pub struct UDPRouteSpec { /// create a "producer" route for a Service in a different namespace from the /// Route. /// - /// /// There are two kinds of parent resources with "Core" support: /// - /// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// - /// /// This API may be extended in the future to support additional kinds of parent /// resources. /// - /// /// ParentRefs must be _distinct_. This means either that: /// - /// /// * They select different objects. If this is the case, then parentRef /// entries are distinct. In terms of fields, this means that the /// multi-part key defined by `group`, `kind`, `namespace`, and `name` must @@ -59,10 +54,8 @@ pub struct UDPRouteSpec { /// optional fields to different values. If one ParentRef sets a /// combination of optional fields, all must set the same combination. /// - /// /// Some examples: /// - /// /// * If one ParentRef sets `sectionName`, all ParentRefs referencing the /// same object must also set `sectionName`. /// * If one ParentRef sets `port`, all ParentRefs referencing the same @@ -70,14 +63,12 @@ pub struct UDPRouteSpec { /// * If one ParentRef sets `sectionName` and `port`, all ParentRefs /// referencing the same object must also set `sectionName` and `port`. /// - /// /// It is possible to separately reference multiple distinct objects that may /// be collapsed by an implementation. For example, some implementations may /// choose to merge compatible Gateway Listeners together. If that is the /// case, the list of routes attached to those resources should also be /// merged. /// - /// /// Note that for ParentRefs that cross namespace boundaries, there are specific /// rules. Cross-namespace references are only valid if they are explicitly /// allowed by something in the namespace they are referring to. For example, @@ -85,12 +76,10 @@ pub struct UDPRouteSpec { /// generic way to enable other kinds of cross-namespace reference. /// /// - /// /// ParentRefs from a Route to a Service in the same namespace are "producer" /// routes, which apply default routing rules to inbound connections from /// any namespace to the Service. /// - /// /// ParentRefs from a Route to a Service in a different namespace are /// "consumer" routes, and these routing rules are only applied to outbound /// connections originating from the same namespace as the Route, for which @@ -102,7 +91,6 @@ pub struct UDPRouteSpec { /// /// /// - /// #[serde( default, skip_serializing_if = "Option::is_none", @@ -110,6 +98,8 @@ pub struct UDPRouteSpec { )] pub parent_refs: Option>, /// Rules are a list of UDP matchers and actions. + /// + /// pub rules: Vec, } @@ -117,15 +107,12 @@ pub struct UDPRouteSpec { /// a parent of this resource (usually a route). There are two kinds of parent resources /// with "Core" support: /// -/// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// -/// /// This API may be extended in the future to support additional kinds of parent /// resources. /// -/// /// The API object must be valid in the cluster; the Group and Kind must /// be registered in the cluster for this reference to be valid. #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] @@ -135,32 +122,26 @@ pub struct UDPRouteParentRefs { /// To set the core API group (such as for a "Service" kind referent), /// Group must be explicitly set to "" (empty string). /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// Kind is kind of the referent. /// - /// /// There are two kinds of parent resources with "Core" support: /// - /// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// - /// /// Support for other resources is Implementation-Specific. #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, /// Name is the name of the referent. /// - /// /// Support: Core pub name: String, /// Namespace is the namespace of the referent. When unspecified, this refers /// to the local namespace of the Route. /// - /// /// Note that there are specific rules for ParentRefs which cross namespace /// boundaries. Cross-namespace references are only valid if they are explicitly /// allowed by something in the namespace they are referring to. For example: @@ -168,12 +149,10 @@ pub struct UDPRouteParentRefs { /// generic way to enable any other kind of cross-namespace reference. /// /// - /// /// ParentRefs from a Route to a Service in the same namespace are "producer" /// routes, which apply default routing rules to inbound connections from /// any namespace to the Service. /// - /// /// ParentRefs from a Route to a Service in a different namespace are /// "consumer" routes, and these routing rules are only applied to outbound /// connections originating from the same namespace as the Route, for which @@ -181,14 +160,12 @@ pub struct UDPRouteParentRefs { /// ParentRef of the Route. /// /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Port is the network port this Route targets. It can be interpreted /// differently based on the type of parent resource. /// - /// /// When the parent resource is a Gateway, this targets all listeners /// listening on the specified port that also support this kind of Route(and /// select this Route). It's not recommended to set `Port` unless the @@ -198,18 +175,15 @@ pub struct UDPRouteParentRefs { /// must match both specified values. /// /// - /// /// When the parent resource is a Service, this targets a specific port in the /// Service spec. When both Port (experimental) and SectionName are specified, /// the name and port of the selected port must match both specified values. /// /// - /// /// Implementations MAY choose to support other parent resources. /// Implementations supporting other types of parent resources MUST clearly /// document how/if Port is interpreted. /// - /// /// For the purpose of status, an attachment is considered successful as /// long as the parent resource accepts it partially. For example, Gateway /// listeners can restrict which Routes can attach to them by Route kind, @@ -218,14 +192,12 @@ pub struct UDPRouteParentRefs { /// attached. If no Gateway listeners accept attachment from this Route, /// the Route MUST be considered detached from the Gateway. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// SectionName is the name of a section within the target resource. In the /// following resources, SectionName is interpreted as the following: /// - /// /// * Gateway: Listener name. When both Port (experimental) and SectionName /// are specified, the name and port of the selected listener must match /// both specified values. @@ -233,12 +205,10 @@ pub struct UDPRouteParentRefs { /// are specified, the name and port of the selected listener must match /// both specified values. /// - /// /// Implementations MAY choose to support attaching Routes to other resources. /// If that is the case, they MUST clearly document how SectionName is /// interpreted. /// - /// /// When unspecified (empty string), this will reference the entire resource. /// For the purpose of status, an attachment is considered successful if at /// least one section in the parent resource accepts it. For example, Gateway @@ -248,7 +218,6 @@ pub struct UDPRouteParentRefs { /// attached. If no Gateway listeners accept attachment from this Route, the /// Route MUST be considered detached from the Gateway. /// - /// /// Support: Core #[serde( default, @@ -268,16 +237,12 @@ pub struct UDPRouteRules { /// respect weight; if an invalid backend is requested to have 80% of /// the packets, then 80% of packets must be dropped instead. /// - /// /// Support: Core for Kubernetes Service /// - /// /// Support: Extended for Kubernetes ServiceImport /// - /// /// Support: Implementation-specific for any other resource /// - /// /// Support for weight: Extended #[serde( default, @@ -285,42 +250,39 @@ pub struct UDPRouteRules { rename = "backendRefs" )] pub backend_refs: Option>, + /// Name is the name of the route rule. This name MUST be unique within a Route if it is set. + /// + /// Support: Extended + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, } /// BackendRef defines how a Route should forward a request to a Kubernetes /// resource. /// -/// /// Note that when a namespace different than the local namespace is specified, a /// ReferenceGrant object is required in the referent namespace to allow that /// namespace's owner to accept the reference. See the ReferenceGrant /// documentation for details. /// -/// /// /// -/// /// When the BackendRef points to a Kubernetes Service, implementations SHOULD /// honor the appProtocol field if it is set for the target Service Port. /// -/// /// Implementations supporting appProtocol SHOULD recognize the Kubernetes /// Standard Application Protocols defined in KEP-3726. /// -/// /// If a Service appProtocol isn't specified, an implementation MAY infer the /// backend protocol through its own means. Implementations MAY infer the /// protocol from the Route type referring to the backend Service. /// -/// /// If a Route is not able to send traffic to the backend using the specified /// protocol then the backend is considered invalid. Implementations MUST set the /// "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason. /// -/// /// /// -/// /// Note that when the BackendTLSPolicy object is enabled by the implementation, /// there are some extra rules about validity to consider here. See the fields /// where this struct is used for more information about the exact behavior. @@ -333,20 +295,16 @@ pub struct UDPRouteRulesBackendRefs { /// Kind is the Kubernetes resource kind of the referent. For example /// "Service". /// - /// /// Defaults to "Service" when not specified. /// - /// /// ExternalName services can refer to CNAME DNS records that may live /// outside of the cluster and as such are difficult to reason about in /// terms of conformance. They also may not be safe to forward to (see /// CVE-2021-25740 for more information). Implementations SHOULD NOT /// support ExternalName Services. /// - /// /// Support: Core (Services with a type other than ExternalName) /// - /// /// Support: Implementation-specific (Services with type ExternalName) #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, @@ -355,13 +313,11 @@ pub struct UDPRouteRulesBackendRefs { /// Namespace is the namespace of the backend. When unspecified, the local /// namespace is inferred. /// - /// /// Note that when a namespace different than the local namespace is specified, /// a ReferenceGrant object is required in the referent namespace to allow that /// namespace's owner to accept the reference. See the ReferenceGrant /// documentation for details. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -379,13 +335,11 @@ pub struct UDPRouteRulesBackendRefs { /// implementation supports. Weight is not a percentage and the sum of /// weights does not need to equal 100. /// - /// /// If only one backend is specified and it has a weight greater than 0, 100% /// of the traffic is forwarded to that backend. If weight is set to 0, no /// traffic should be forwarded for this entry. If unspecified, weight /// defaults to 1. /// - /// /// Support for this field varies based on the context where used. #[serde(default, skip_serializing_if = "Option::is_none")] pub weight: Option, @@ -401,13 +355,11 @@ pub struct UDPRouteStatus { /// first sees the route and should update the entry as appropriate when the /// route or gateway is modified. /// - /// /// Note that parent references that cannot be resolved by an implementation /// of this API will not be added to this list. Implementations of this API /// can only populate Route status for the Gateways/parent resources they are /// responsible for. /// - /// /// A maximum of 32 Gateways will be represented in this list. An empty list /// means the route has not been attached to any Gateway. pub parents: Vec, @@ -421,22 +373,18 @@ pub struct UDPRouteStatusParents { /// Note that the route's availability is also subject to the Gateway's own /// status conditions and listener status. /// - /// /// If the Route's ParentRef specifies an existing Gateway that supports /// Routes of this kind AND that Gateway's controller has sufficient access, /// then that Gateway's controller MUST set the "Accepted" condition on the /// Route, to indicate whether the route has been accepted or rejected by the /// Gateway, and why. /// - /// /// A Route MUST be considered "Accepted" if at least one of the Route's /// rules is implemented by the Gateway. /// - /// /// There are a number of cases where the "Accepted" condition may not be set /// due to lack of controller visibility, that includes when: /// - /// /// * The Route refers to a non-existent parent. /// * The Route is of a type that the controller does not support. /// * The Route is in a namespace the controller does not have access to. @@ -446,15 +394,12 @@ pub struct UDPRouteStatusParents { /// controller that wrote this status. This corresponds with the /// controllerName field on GatewayClass. /// - /// /// Example: "example.net/gateway-controller". /// - /// /// The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are /// valid Kubernetes names /// (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). /// - /// /// Controllers MUST populate this field when writing status. Controllers should ensure that /// entries to status populated with their ControllerName are cleaned up when they are no /// longer necessary. @@ -475,32 +420,26 @@ pub struct UDPRouteStatusParentsParentRef { /// To set the core API group (such as for a "Service" kind referent), /// Group must be explicitly set to "" (empty string). /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// Kind is kind of the referent. /// - /// /// There are two kinds of parent resources with "Core" support: /// - /// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// - /// /// Support for other resources is Implementation-Specific. #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, /// Name is the name of the referent. /// - /// /// Support: Core pub name: String, /// Namespace is the namespace of the referent. When unspecified, this refers /// to the local namespace of the Route. /// - /// /// Note that there are specific rules for ParentRefs which cross namespace /// boundaries. Cross-namespace references are only valid if they are explicitly /// allowed by something in the namespace they are referring to. For example: @@ -508,12 +447,10 @@ pub struct UDPRouteStatusParentsParentRef { /// generic way to enable any other kind of cross-namespace reference. /// /// - /// /// ParentRefs from a Route to a Service in the same namespace are "producer" /// routes, which apply default routing rules to inbound connections from /// any namespace to the Service. /// - /// /// ParentRefs from a Route to a Service in a different namespace are /// "consumer" routes, and these routing rules are only applied to outbound /// connections originating from the same namespace as the Route, for which @@ -521,14 +458,12 @@ pub struct UDPRouteStatusParentsParentRef { /// ParentRef of the Route. /// /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Port is the network port this Route targets. It can be interpreted /// differently based on the type of parent resource. /// - /// /// When the parent resource is a Gateway, this targets all listeners /// listening on the specified port that also support this kind of Route(and /// select this Route). It's not recommended to set `Port` unless the @@ -538,18 +473,15 @@ pub struct UDPRouteStatusParentsParentRef { /// must match both specified values. /// /// - /// /// When the parent resource is a Service, this targets a specific port in the /// Service spec. When both Port (experimental) and SectionName are specified, /// the name and port of the selected port must match both specified values. /// /// - /// /// Implementations MAY choose to support other parent resources. /// Implementations supporting other types of parent resources MUST clearly /// document how/if Port is interpreted. /// - /// /// For the purpose of status, an attachment is considered successful as /// long as the parent resource accepts it partially. For example, Gateway /// listeners can restrict which Routes can attach to them by Route kind, @@ -558,14 +490,12 @@ pub struct UDPRouteStatusParentsParentRef { /// attached. If no Gateway listeners accept attachment from this Route, /// the Route MUST be considered detached from the Gateway. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// SectionName is the name of a section within the target resource. In the /// following resources, SectionName is interpreted as the following: /// - /// /// * Gateway: Listener name. When both Port (experimental) and SectionName /// are specified, the name and port of the selected listener must match /// both specified values. @@ -573,12 +503,10 @@ pub struct UDPRouteStatusParentsParentRef { /// are specified, the name and port of the selected listener must match /// both specified values. /// - /// /// Implementations MAY choose to support attaching Routes to other resources. /// If that is the case, they MUST clearly document how SectionName is /// interpreted. /// - /// /// When unspecified (empty string), this will reference the entire resource. /// For the purpose of status, an attachment is considered successful if at /// least one section in the parent resource accepts it. For example, Gateway @@ -588,7 +516,6 @@ pub struct UDPRouteStatusParentsParentRef { /// attached. If no Gateway listeners accept attachment from this Route, the /// Route MUST be considered detached from the Gateway. /// - /// /// Support: Core #[serde( default, diff --git a/gateway-api/src/apis/standard/gatewayclasses.rs b/gateway-api/src/apis/standard/gatewayclasses.rs index dcd45e8..2152e73 100644 --- a/gateway-api/src/apis/standard/gatewayclasses.rs +++ b/gateway-api/src/apis/standard/gatewayclasses.rs @@ -1,6 +1,6 @@ // WARNING: generated by kopium - manual changes will be overwritten // kopium command: kopium --schema=derived --derive=JsonSchema --derive=Default --derive=PartialEq --docs -f - -// kopium version: 0.20.1 +// kopium version: 0.21.1 #[allow(unused_imports)] mod prelude { @@ -26,13 +26,10 @@ pub struct GatewayClassSpec { /// ControllerName is the name of the controller that is managing Gateways of /// this class. The value of this field MUST be a domain prefixed path. /// - /// /// Example: "example.net/gateway-controller". /// - /// /// This field is not mutable and cannot be empty. /// - /// /// Support: Core #[serde(rename = "controllerName")] pub controller_name: String, @@ -43,21 +40,19 @@ pub struct GatewayClassSpec { /// parameters corresponding to the GatewayClass. This is optional if the /// controller does not require any additional configuration. /// - /// /// ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, /// or an implementation-specific custom resource. The resource can be /// cluster-scoped or namespace-scoped. /// - /// - /// If the referent cannot be found, the GatewayClass's "InvalidParameters" - /// status condition will be true. - /// + /// If the referent cannot be found, refers to an unsupported kind, or when + /// the data within that resource is malformed, the GatewayClass SHOULD be + /// rejected with the "Accepted" status condition set to "False" and an + /// "InvalidParameters" reason. /// /// A Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified, /// the merging behavior is implementation specific. /// It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway. /// - /// /// Support: Implementation-specific #[serde( default, @@ -71,21 +66,19 @@ pub struct GatewayClassSpec { /// parameters corresponding to the GatewayClass. This is optional if the /// controller does not require any additional configuration. /// -/// /// ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, /// or an implementation-specific custom resource. The resource can be /// cluster-scoped or namespace-scoped. /// -/// -/// If the referent cannot be found, the GatewayClass's "InvalidParameters" -/// status condition will be true. -/// +/// If the referent cannot be found, refers to an unsupported kind, or when +/// the data within that resource is malformed, the GatewayClass SHOULD be +/// rejected with the "Accepted" status condition set to "False" and an +/// "InvalidParameters" reason. /// /// A Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified, /// the merging behavior is implementation specific. /// It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway. /// -/// /// Support: Implementation-specific #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GatewayClassParametersRef { @@ -104,7 +97,6 @@ pub struct GatewayClassParametersRef { /// Status defines the current state of GatewayClass. /// -/// /// Implementations MUST populate status on all GatewayClass resources which /// specify their controller name. #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] @@ -112,7 +104,6 @@ pub struct GatewayClassStatus { /// Conditions is the current status from the controller for /// this GatewayClass. /// - /// /// Controllers should prefer to publish conditions using values /// of GatewayClassConditionType for the type of each Condition. #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/gateway-api/src/apis/standard/gateways.rs b/gateway-api/src/apis/standard/gateways.rs index 94cbf92..ad06c70 100644 --- a/gateway-api/src/apis/standard/gateways.rs +++ b/gateway-api/src/apis/standard/gateways.rs @@ -1,6 +1,6 @@ // WARNING: generated by kopium - manual changes will be overwritten // kopium command: kopium --schema=derived --derive=JsonSchema --derive=Default --derive=PartialEq --docs -f - -// kopium version: 0.20.1 +// kopium version: 0.21.1 #[allow(unused_imports)] mod prelude { @@ -30,39 +30,38 @@ pub struct GatewaySpec { /// requested address is invalid or unavailable, the implementation MUST /// indicate this in the associated entry in GatewayStatus.Addresses. /// - /// /// The Addresses field represents a request for the address(es) on the /// "outside of the Gateway", that traffic bound for this Gateway will use. /// This could be the IP address or hostname of an external load balancer or /// other networking infrastructure, or some other address that traffic will /// be sent to. /// - /// /// If no Addresses are specified, the implementation MAY schedule the /// Gateway in an implementation-specific manner, assigning an appropriate /// set of Addresses. /// - /// /// The implementation MUST bind all Listeners to every GatewayAddress that /// it assigns to the Gateway and add a corresponding entry in /// GatewayStatus.Addresses. /// - /// /// Support: Extended /// /// - /// #[serde(default, skip_serializing_if = "Option::is_none")] pub addresses: Option>, /// GatewayClassName used for this Gateway. This is the name of a /// GatewayClass resource. #[serde(rename = "gatewayClassName")] pub gateway_class_name: String, + /// Infrastructure defines infrastructure level attributes about this Gateway instance. + /// + /// Support: Extended + #[serde(default, skip_serializing_if = "Option::is_none")] + pub infrastructure: Option, /// Listeners associated with this Gateway. Listeners define /// logical endpoints that are bound on this Gateway's addresses. /// At least one Listener MUST be specified. /// - /// /// Each Listener in a set of Listeners (for example, in a single Gateway) /// MUST be _distinct_, in that a traffic flow MUST be able to be assigned to /// exactly one listener. (This section uses "set of Listeners" rather than @@ -70,42 +69,32 @@ pub struct GatewaySpec { /// from multiple Gateways onto a single data plane, and these rules _also_ /// apply in that case). /// - /// /// Practically, this means that each listener in a set MUST have a unique /// combination of Port, Protocol, and, if supported by the protocol, Hostname. /// - /// /// Some combinations of port, protocol, and TLS settings are considered /// Core support and MUST be supported by implementations based on their /// targeted conformance profile: /// - /// /// HTTP Profile /// - /// /// 1. HTTPRoute, Port: 80, Protocol: HTTP /// 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided /// - /// /// TLS Profile /// - /// /// 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough /// - /// /// "Distinct" Listeners have the following property: /// - /// /// The implementation can match inbound requests to a single distinct /// Listener. When multiple Listeners share values for fields (for /// example, two Listeners with the same Port value), the implementation /// can match requests to only one of the Listeners using other /// Listener fields. /// - /// /// For example, the following Listener scenarios are distinct: /// - /// /// 1. Multiple Listeners with the same Port that all use the "HTTP" /// Protocol that all have unique Hostname values. /// 2. Multiple Listeners with the same Port that use either the "HTTPS" or @@ -113,45 +102,37 @@ pub struct GatewaySpec { /// 3. A mixture of "TCP" and "UDP" Protocol Listeners, where no Listener /// with the same Protocol has the same Port value. /// - /// /// Some fields in the Listener struct have possible values that affect /// whether the Listener is distinct. Hostname is particularly relevant /// for HTTP or HTTPS protocols. /// - /// /// When using the Hostname value to select between same-Port, same-Protocol /// Listeners, the Hostname value must be different on each Listener for the /// Listener to be distinct. /// - /// /// When the Listeners are distinct based on Hostname, inbound request /// hostnames MUST match from the most specific to least specific Hostname /// values to choose the correct Listener and its associated set of Routes. /// - /// /// Exact matches must be processed before wildcard matches, and wildcard /// matches must be processed before fallback (empty Hostname value) /// matches. For example, `"foo.example.com"` takes precedence over /// `"*.example.com"`, and `"*.example.com"` takes precedence over `""`. /// - /// /// Additionally, if there are multiple wildcard entries, more specific /// wildcard entries must be processed before less specific wildcard entries. /// For example, `"*.foo.example.com"` takes precedence over `"*.example.com"`. /// The precise definition here is that the higher the number of dots in the /// hostname to the right of the wildcard character, the higher the precedence. /// - /// /// The wildcard character will match any number of characters _and dots_ to /// the left, however, so `"*.example.com"` will match both /// `"foo.bar.example.com"` _and_ `"bar.example.com"`. /// - /// /// If a set of Listeners contains Listeners that are not distinct, then those /// Listeners are Conflicted, and the implementation MUST set the "Conflicted" /// condition in the Listener Status to "True". /// - /// /// Implementations MAY choose to accept a Gateway with some Conflicted /// Listeners only if they only accept the partial Listener set that contains /// no Conflicted Listeners. To put this another way, implementations may @@ -161,7 +142,6 @@ pub struct GatewaySpec { /// Listener in this case, otherwise it violates the requirement that at /// least one Listener must be present. /// - /// /// The implementation MUST set a "ListenersNotValid" condition on the /// Gateway Status when the Gateway contains Conflicted Listeners whether or /// not they accept the Gateway. That Condition SHOULD clearly @@ -169,26 +149,21 @@ pub struct GatewaySpec { /// Accepted. Additionally, the Listener status for those listeners SHOULD /// indicate which Listeners are conflicted and not Accepted. /// - /// /// A Gateway's Listeners are considered "compatible" if: /// - /// /// 1. They are distinct. /// 2. The implementation can serve them in compliance with the Addresses /// requirement that all Listeners are available on all assigned /// addresses. /// - /// /// Compatible combinations in Extended support are expected to vary across /// implementations. A combination that is compatible for one implementation /// may not be compatible for another. /// - /// /// For example, an implementation that cannot serve both TCP and UDP listeners /// on the same address, or cannot mix HTTPS and generic TLS listens on the same port /// would not consider those cases compatible, even though they are distinct. /// - /// /// Note that requests SHOULD match at most one Listener. For example, if /// Listeners are defined for "foo.example.com" and "*.example.com", a /// request to "foo.example.com" SHOULD only be routed using routes attached @@ -196,11 +171,9 @@ pub struct GatewaySpec { /// This concept is known as "Listener Isolation". Implementations that do /// not support Listener Isolation MUST clearly document this. /// - /// /// Implementations MAY merge separate Gateways onto a single set of /// Addresses if all Listeners across all Gateways are compatible. /// - /// /// Support: Core pub listeners: Vec, } @@ -214,11 +187,78 @@ pub struct GatewayAddresses { /// Value of the address. The validity of the values will depend /// on the type and support by the controller. /// - /// /// Examples: `1.2.3.4`, `128::1`, `my-ip-address`. pub value: String, } +/// Infrastructure defines infrastructure level attributes about this Gateway instance. +/// +/// Support: Extended +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] +pub struct GatewayInfrastructure { + /// Annotations that SHOULD be applied to any resources created in response to this Gateway. + /// + /// For implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources. + /// For other implementations, this refers to any relevant (implementation specific) "annotations" concepts. + /// + /// An implementation may chose to add additional implementation-specific annotations as they see fit. + /// + /// Support: Extended + #[serde(default, skip_serializing_if = "Option::is_none")] + pub annotations: Option>, + /// Labels that SHOULD be applied to any resources created in response to this Gateway. + /// + /// For implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources. + /// For other implementations, this refers to any relevant (implementation specific) "labels" concepts. + /// + /// An implementation may chose to add additional implementation-specific labels as they see fit. + /// + /// If an implementation maps these labels to Pods, or any other resource that would need to be recreated when labels + /// change, it SHOULD clearly warn about this behavior in documentation. + /// + /// Support: Extended + #[serde(default, skip_serializing_if = "Option::is_none")] + pub labels: Option>, + /// ParametersRef is a reference to a resource that contains the configuration + /// parameters corresponding to the Gateway. This is optional if the + /// controller does not require any additional configuration. + /// + /// This follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis + /// + /// The Gateway's GatewayClass may provide its own `parametersRef`. When both are specified, + /// the merging behavior is implementation specific. + /// It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway. + /// + /// Support: Implementation-specific + #[serde( + default, + skip_serializing_if = "Option::is_none", + rename = "parametersRef" + )] + pub parameters_ref: Option, +} + +/// ParametersRef is a reference to a resource that contains the configuration +/// parameters corresponding to the Gateway. This is optional if the +/// controller does not require any additional configuration. +/// +/// This follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis +/// +/// The Gateway's GatewayClass may provide its own `parametersRef`. When both are specified, +/// the merging behavior is implementation specific. +/// It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway. +/// +/// Support: Implementation-specific +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] +pub struct GatewayInfrastructureParametersRef { + /// Group is the group of the referent. + pub group: String, + /// Kind is kind of the referent. + pub kind: String, + /// Name is the name of the referent. + pub name: String, +} + /// Listener embodies the concept of a logical endpoint where a Gateway accepts /// network connections. #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] @@ -227,12 +267,10 @@ pub struct GatewayListeners { /// Listener and the trusted namespaces where those Route resources MAY be /// present. /// - /// /// Although a client request may match multiple route rules, only one rule /// may ultimately receive the request. Matching precedence MUST be /// determined in order of the following criteria: /// - /// /// * The most specific match as defined by the Route type. /// * The oldest Route based on creation timestamp. For example, a Route with /// a creation timestamp of "2020-09-08 01:02:03" is given precedence over @@ -241,7 +279,6 @@ pub struct GatewayListeners { /// alphabetical order (namespace/name) should be given precedence. For /// example, foo/bar is given precedence over foo/baz. /// - /// /// All valid rules within a Route attached to this Listener should be /// implemented. Invalid Route rules can be ignored (sometimes that will mean /// the full Route). If a Route rule transitions from valid to invalid, @@ -249,7 +286,6 @@ pub struct GatewayListeners { /// example, even if a filter specified by a Route rule is invalid, the rest /// of the rules within that Route should still be supported. /// - /// /// Support: Core #[serde( default, @@ -262,11 +298,9 @@ pub struct GatewayListeners { /// field is ignored for protocols that don't require hostname based /// matching. /// - /// /// Implementations MUST apply Hostname matching appropriately for each of /// the following protocols: /// - /// /// * TLS: The Listener Hostname MUST match the SNI. /// * HTTP: The Listener Hostname MUST match the Host header of the request. /// * HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP @@ -274,52 +308,43 @@ pub struct GatewayListeners { /// ensure that both the SNI and Host header match the Listener hostname, /// it MUST clearly document that. /// - /// /// For HTTPRoute and TLSRoute resources, there is an interaction with the /// `spec.hostnames` array. When both listener and route specify hostnames, /// there MUST be an intersection between the values for a Route to be /// accepted. For more information, refer to the Route specific Hostnames /// documentation. /// - /// /// Hostnames that are prefixed with a wildcard label (`*.`) are interpreted /// as a suffix match. That means that a match for `*.example.com` would match /// both `test.example.com`, and `foo.test.example.com`, but not `example.com`. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub hostname: Option, /// Name is the name of the Listener. This name MUST be unique within a /// Gateway. /// - /// /// Support: Core pub name: String, /// Port is the network port. Multiple listeners may use the /// same port, subject to the Listener compatibility rules. /// - /// /// Support: Core pub port: i32, /// Protocol specifies the network protocol this listener expects to receive. /// - /// /// Support: Core pub protocol: String, /// TLS is the TLS configuration for the Listener. This field is required if /// the Protocol field is "HTTPS" or "TLS". It is invalid to set this field /// if the Protocol field is "HTTP", "TCP", or "UDP". /// - /// /// The association of SNIs to Certificate defined in GatewayTLSConfig is /// defined based on the Hostname field for this listener. /// - /// /// The GatewayClass MUST use the longest matching SNI out of all /// available certificates for any TLS handshake. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub tls: Option, @@ -329,12 +354,10 @@ pub struct GatewayListeners { /// Listener and the trusted namespaces where those Route resources MAY be /// present. /// -/// /// Although a client request may match multiple route rules, only one rule /// may ultimately receive the request. Matching precedence MUST be /// determined in order of the following criteria: /// -/// /// * The most specific match as defined by the Route type. /// * The oldest Route based on creation timestamp. For example, a Route with /// a creation timestamp of "2020-09-08 01:02:03" is given precedence over @@ -343,7 +366,6 @@ pub struct GatewayListeners { /// alphabetical order (namespace/name) should be given precedence. For /// example, foo/bar is given precedence over foo/baz. /// -/// /// All valid rules within a Route attached to this Listener should be /// implemented. Invalid Route rules can be ignored (sometimes that will mean /// the full Route). If a Route rule transitions from valid to invalid, @@ -351,7 +373,6 @@ pub struct GatewayListeners { /// example, even if a filter specified by a Route rule is invalid, the rest /// of the rules within that Route should still be supported. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GatewayListenersAllowedRoutes { @@ -359,21 +380,18 @@ pub struct GatewayListenersAllowedRoutes { /// to this Gateway Listener. When unspecified or empty, the kinds of Routes /// selected are determined using the Listener protocol. /// - /// /// A RouteGroupKind MUST correspond to kinds of Routes that are compatible /// with the application protocol specified in the Listener's Protocol field. /// If an implementation does not support or recognize this resource type, it /// MUST set the "ResolvedRefs" condition to False for this Listener with the /// "InvalidRouteKinds" reason. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub kinds: Option>, /// Namespaces indicates namespaces from which Routes may be attached to this /// Listener. This is restricted to the namespace of this Gateway by default. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option, @@ -392,20 +410,17 @@ pub struct GatewayListenersAllowedRoutesKinds { /// Namespaces indicates namespaces from which Routes may be attached to this /// Listener. This is restricted to the namespace of this Gateway by default. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GatewayListenersAllowedRoutesNamespaces { /// From indicates where Routes will be selected for this Gateway. Possible /// values are: /// - /// /// * All: Routes in all namespaces may be used by this Gateway. /// * Selector: Routes in namespaces selected by the selector may be used by /// this Gateway. /// * Same: Only Routes in the same namespace may be used by this Gateway. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub from: Option, @@ -413,7 +428,6 @@ pub struct GatewayListenersAllowedRoutesNamespaces { /// only Routes in Namespaces matching this Selector will be selected by this /// Gateway. This field is ignored for other values of "From". /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub selector: Option, @@ -422,7 +436,6 @@ pub struct GatewayListenersAllowedRoutesNamespaces { /// Namespaces indicates namespaces from which Routes may be attached to this /// Listener. This is restricted to the namespace of this Gateway by default. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum GatewayListenersAllowedRoutesNamespacesFrom { @@ -435,7 +448,6 @@ pub enum GatewayListenersAllowedRoutesNamespacesFrom { /// only Routes in Namespaces matching this Selector will be selected by this /// Gateway. This field is ignored for other values of "From". /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GatewayListenersAllowedRoutesNamespacesSelector { @@ -479,15 +491,12 @@ pub struct GatewayListenersAllowedRoutesNamespacesSelectorMatchExpressions { /// the Protocol field is "HTTPS" or "TLS". It is invalid to set this field /// if the Protocol field is "HTTP", "TCP", or "UDP". /// -/// /// The association of SNIs to Certificate defined in GatewayTLSConfig is /// defined based on the Hostname field for this listener. /// -/// /// The GatewayClass MUST use the longest matching SNI out of all /// available certificates for any TLS handshake. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct GatewayListenersTls { @@ -496,30 +505,24 @@ pub struct GatewayListenersTls { /// establish a TLS handshake for requests that match the hostname of the /// associated listener. /// - /// /// A single CertificateRef to a Kubernetes Secret has "Core" support. /// Implementations MAY choose to support attaching multiple certificates to /// a Listener, but this behavior is implementation-specific. /// - /// /// References to a resource in different namespace are invalid UNLESS there /// is a ReferenceGrant in the target namespace that allows the certificate /// to be attached. If a ReferenceGrant does not allow this reference, the /// "ResolvedRefs" condition MUST be set to False for this listener with the /// "RefNotPermitted" reason. /// - /// /// This field is required to have at least one element when the mode is set /// to "Terminate" (default) and is optional otherwise. /// - /// /// CertificateRefs can reference to standard Kubernetes resources, i.e. /// Secret, or implementation-specific custom resources. /// - /// /// Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls /// - /// /// Support: Implementation-specific (More than one reference or other resource types) #[serde( default, @@ -530,7 +533,6 @@ pub struct GatewayListenersTls { /// Mode defines the TLS behavior for the TLS session initiated by the client. /// There are two possible modes: /// - /// /// - Terminate: The TLS session between the downstream client and the /// Gateway is terminated at the Gateway. This mode requires certificates /// to be specified in some way, such as populating the certificateRefs @@ -540,7 +542,6 @@ pub struct GatewayListenersTls { /// the ClientHello message of the TLS protocol. The certificateRefs field /// is ignored in this mode. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, @@ -548,13 +549,11 @@ pub struct GatewayListenersTls { /// configuration for each implementation. For example, configuring the /// minimum TLS version or supported cipher suites. /// - /// /// A set of common keys MAY be defined by the API in the future. To avoid /// any ambiguity, implementation-specific definitions MUST use /// domain-prefixed names, such as `example.com/my-custom-option`. /// Un-prefixed names are reserved for key names defined by Gateway API. /// - /// /// Support: Implementation-specific #[serde(default, skip_serializing_if = "Option::is_none")] pub options: Option>, @@ -563,11 +562,9 @@ pub struct GatewayListenersTls { /// SecretObjectReference identifies an API object including its namespace, /// defaulting to Secret. /// -/// /// The API object must be valid in the cluster; the Group and Kind must /// be registered in the cluster for this reference to be valid. /// -/// /// References to objects with invalid Group and Kind are not valid, and must /// be rejected by the implementation, with appropriate Conditions set /// on the containing object. @@ -585,13 +582,11 @@ pub struct GatewayListenersTlsCertificateRefs { /// Namespace is the namespace of the referenced object. When unspecified, the local /// namespace is inferred. /// - /// /// Note that when a namespace different than the local namespace is specified, /// a ReferenceGrant object is required in the referent namespace to allow that /// namespace's owner to accept the reference. See the ReferenceGrant /// documentation for details. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -601,15 +596,12 @@ pub struct GatewayListenersTlsCertificateRefs { /// the Protocol field is "HTTPS" or "TLS". It is invalid to set this field /// if the Protocol field is "HTTP", "TCP", or "UDP". /// -/// /// The association of SNIs to Certificate defined in GatewayTLSConfig is /// defined based on the Hostname field for this listener. /// -/// /// The GatewayClass MUST use the longest matching SNI out of all /// available certificates for any TLS handshake. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum GatewayListenersTlsMode { @@ -623,31 +615,25 @@ pub struct GatewayStatus { /// Addresses lists the network addresses that have been bound to the /// Gateway. /// - /// /// This list may differ from the addresses provided in the spec under some /// conditions: /// - /// /// * no addresses are specified, all addresses are dynamically assigned /// * a combination of specified and dynamic addresses are assigned /// * a specified address was unusable (e.g. already in use) /// /// - /// #[serde(default, skip_serializing_if = "Option::is_none")] pub addresses: Option>, /// Conditions describe the current conditions of the Gateway. /// - /// /// Implementations should prefer to express Gateway conditions /// using the `GatewayConditionType` and `GatewayConditionReason` /// constants so that operators and tools can converge on a common /// vocabulary to describe Gateway state. /// - /// /// Known condition types are: /// - /// /// * "Accepted" /// * "Programmed" /// * "Ready" @@ -667,7 +653,6 @@ pub struct GatewayStatusAddresses { /// Value of the address. The validity of the values will depend /// on the type and support by the controller. /// - /// /// Examples: `1.2.3.4`, `128::1`, `my-ip-address`. pub value: String, } @@ -678,7 +663,6 @@ pub struct GatewayStatusListeners { /// AttachedRoutes represents the total number of Routes that have been /// successfully attached to this Listener. /// - /// /// Successful attachment of a Route to a Listener is based solely on the /// combination of the AllowedRoutes field on the corresponding Listener /// and the Route's ParentRefs field. A Route is successfully attached to @@ -691,7 +675,6 @@ pub struct GatewayStatusListeners { /// for Listeners with condition Accepted: false and MUST count successfully /// attached Routes that may themselves have Accepted: false conditions. /// - /// /// Uses for this field include troubleshooting Route attachment and /// measuring blast radius/impact of changes to a Listener. #[serde(rename = "attachedRoutes")] @@ -704,7 +687,6 @@ pub struct GatewayStatusListeners { /// listener. This MUST represent the kinds an implementation supports for /// that Listener configuration. /// - /// /// If kinds are specified in Spec that are not supported, they MUST NOT /// appear in this list and an implementation MUST set the "ResolvedRefs" /// condition to "False" with the "InvalidRouteKinds" reason. If both valid diff --git a/gateway-api/src/apis/standard/httproutes.rs b/gateway-api/src/apis/standard/httproutes.rs index 95cb252..af416a4 100644 --- a/gateway-api/src/apis/standard/httproutes.rs +++ b/gateway-api/src/apis/standard/httproutes.rs @@ -1,6 +1,6 @@ // WARNING: generated by kopium - manual changes will be overwritten // kopium command: kopium --schema=derived --derive=JsonSchema --derive=Default --derive=PartialEq --docs -f - -// kopium version: 0.20.1 +// kopium version: 0.21.1 #[allow(unused_imports)] mod prelude { @@ -30,21 +30,17 @@ pub struct HTTPRouteSpec { /// performing a match and (absent of any applicable header modification /// configuration) MUST forward this header unmodified to the backend. /// - /// /// Valid values for Hostnames are determined by RFC 1123 definition of a /// hostname with 2 notable exceptions: /// - /// /// 1. IPs are not allowed. /// 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard /// label must appear by itself as the first label. /// - /// /// If a hostname is specified by both the Listener and HTTPRoute, there /// must be at least one intersecting hostname for the HTTPRoute to be /// attached to the Listener. For example: /// - /// /// * A Listener with `test.example.com` as the hostname matches HTTPRoutes /// that have either not specified any hostnames, or have specified at /// least one of `test.example.com` or `*.example.com`. @@ -55,38 +51,31 @@ pub struct HTTPRouteSpec { /// all match. On the other hand, `example.com` and `test.example.net` would /// not match. /// - /// /// Hostnames that are prefixed with a wildcard label (`*.`) are interpreted /// as a suffix match. That means that a match for `*.example.com` would match /// both `test.example.com`, and `foo.test.example.com`, but not `example.com`. /// - /// /// If both the Listener and HTTPRoute have specified hostnames, any /// HTTPRoute hostnames that do not match the Listener hostname MUST be /// ignored. For example, if a Listener specified `*.example.com`, and the /// HTTPRoute specified `test.example.com` and `test.example.net`, /// `test.example.net` must not be considered for a match. /// - /// /// If both the Listener and HTTPRoute have specified hostnames, and none /// match with the criteria above, then the HTTPRoute is not accepted. The /// implementation must raise an 'Accepted' Condition with a status of /// `False` in the corresponding RouteParentStatus. /// - /// /// In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. /// overlapping wildcard matching and exact matching hostnames), precedence must /// be given to rules from the HTTPRoute with the largest number of: /// - /// /// * Characters in a matching non-wildcard hostname. /// * Characters in a matching hostname. /// - /// /// If ties exist across multiple Routes, the matching precedence rules for /// HTTPRouteMatches takes over. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub hostnames: Option>, @@ -101,21 +90,16 @@ pub struct HTTPRouteSpec { /// create a "producer" route for a Service in a different namespace from the /// Route. /// - /// /// There are two kinds of parent resources with "Core" support: /// - /// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// - /// /// This API may be extended in the future to support additional kinds of parent /// resources. /// - /// /// ParentRefs must be _distinct_. This means either that: /// - /// /// * They select different objects. If this is the case, then parentRef /// entries are distinct. In terms of fields, this means that the /// multi-part key defined by `group`, `kind`, `namespace`, and `name` must @@ -125,10 +109,8 @@ pub struct HTTPRouteSpec { /// optional fields to different values. If one ParentRef sets a /// combination of optional fields, all must set the same combination. /// - /// /// Some examples: /// - /// /// * If one ParentRef sets `sectionName`, all ParentRefs referencing the /// same object must also set `sectionName`. /// * If one ParentRef sets `port`, all ParentRefs referencing the same @@ -136,14 +118,12 @@ pub struct HTTPRouteSpec { /// * If one ParentRef sets `sectionName` and `port`, all ParentRefs /// referencing the same object must also set `sectionName` and `port`. /// - /// /// It is possible to separately reference multiple distinct objects that may /// be collapsed by an implementation. For example, some implementations may /// choose to merge compatible Gateway Listeners together. If that is the /// case, the list of routes attached to those resources should also be /// merged. /// - /// /// Note that for ParentRefs that cross namespace boundaries, there are specific /// rules. Cross-namespace references are only valid if they are explicitly /// allowed by something in the namespace they are referring to. For example, @@ -156,8 +136,6 @@ pub struct HTTPRouteSpec { /// /// /// - /// - /// #[serde( default, skip_serializing_if = "Option::is_none", @@ -165,6 +143,8 @@ pub struct HTTPRouteSpec { )] pub parent_refs: Option>, /// Rules are a list of HTTP matchers, filters and actions. + /// + /// #[serde(default, skip_serializing_if = "Option::is_none")] pub rules: Option>, } @@ -173,15 +153,12 @@ pub struct HTTPRouteSpec { /// a parent of this resource (usually a route). There are two kinds of parent resources /// with "Core" support: /// -/// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// -/// /// This API may be extended in the future to support additional kinds of parent /// resources. /// -/// /// The API object must be valid in the cluster; the Group and Kind must /// be registered in the cluster for this reference to be valid. #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] @@ -191,32 +168,26 @@ pub struct HTTPRouteParentRefs { /// To set the core API group (such as for a "Service" kind referent), /// Group must be explicitly set to "" (empty string). /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// Kind is kind of the referent. /// - /// /// There are two kinds of parent resources with "Core" support: /// - /// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// - /// /// Support for other resources is Implementation-Specific. #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, /// Name is the name of the referent. /// - /// /// Support: Core pub name: String, /// Namespace is the namespace of the referent. When unspecified, this refers /// to the local namespace of the Route. /// - /// /// Note that there are specific rules for ParentRefs which cross namespace /// boundaries. Cross-namespace references are only valid if they are explicitly /// allowed by something in the namespace they are referring to. For example: @@ -225,15 +196,12 @@ pub struct HTTPRouteParentRefs { /// /// /// - /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Port is the network port this Route targets. It can be interpreted /// differently based on the type of parent resource. /// - /// /// When the parent resource is a Gateway, this targets all listeners /// listening on the specified port that also support this kind of Route(and /// select this Route). It's not recommended to set `Port` unless the @@ -244,13 +212,10 @@ pub struct HTTPRouteParentRefs { /// /// /// - /// - /// /// Implementations MAY choose to support other parent resources. /// Implementations supporting other types of parent resources MUST clearly /// document how/if Port is interpreted. /// - /// /// For the purpose of status, an attachment is considered successful as /// long as the parent resource accepts it partially. For example, Gateway /// listeners can restrict which Routes can attach to them by Route kind, @@ -259,14 +224,12 @@ pub struct HTTPRouteParentRefs { /// attached. If no Gateway listeners accept attachment from this Route, /// the Route MUST be considered detached from the Gateway. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// SectionName is the name of a section within the target resource. In the /// following resources, SectionName is interpreted as the following: /// - /// /// * Gateway: Listener name. When both Port (experimental) and SectionName /// are specified, the name and port of the selected listener must match /// both specified values. @@ -274,12 +237,10 @@ pub struct HTTPRouteParentRefs { /// are specified, the name and port of the selected listener must match /// both specified values. /// - /// /// Implementations MAY choose to support attaching Routes to other resources. /// If that is the case, they MUST clearly document how SectionName is /// interpreted. /// - /// /// When unspecified (empty string), this will reference the entire resource. /// For the purpose of status, an attachment is considered successful if at /// least one section in the parent resource accepts it. For example, Gateway @@ -289,7 +250,6 @@ pub struct HTTPRouteParentRefs { /// attached. If no Gateway listeners accept attachment from this Route, the /// Route MUST be considered detached from the Gateway. /// - /// /// Support: Core #[serde( default, @@ -307,41 +267,37 @@ pub struct HTTPRouteRules { /// BackendRefs defines the backend(s) where matching requests should be /// sent. /// - /// /// Failure behavior here depends on how many BackendRefs are specified and /// how many are invalid. /// - /// /// If *all* entries in BackendRefs are invalid, and there are also no filters /// specified in this route rule, *all* traffic which matches this rule MUST /// receive a 500 status code. /// - /// /// See the HTTPBackendRef definition for the rules about what makes a single /// HTTPBackendRef invalid. /// - /// /// When a HTTPBackendRef is invalid, 500 status codes MUST be returned for /// requests that would have otherwise been routed to an invalid backend. If /// multiple backends are specified, and some are invalid, the proportion of /// requests that would otherwise have been routed to an invalid backend /// MUST receive a 500 status code. /// - /// /// For example, if two backends are specified with equal weights, and one is /// invalid, 50 percent of traffic must receive a 500. Implementations may /// choose how that 50 percent is determined. /// + /// When a HTTPBackendRef refers to a Service that has no ready endpoints, + /// implementations SHOULD return a 503 for requests to that backend instead. + /// If an implementation chooses to do this, all of the above rules for 500 responses + /// MUST also apply for responses that return a 503. /// /// Support: Core for Kubernetes Service /// - /// /// Support: Extended for Kubernetes ServiceImport /// - /// /// Support: Implementation-specific for any other resource /// - /// /// Support for weight: Core #[serde( default, @@ -352,37 +308,30 @@ pub struct HTTPRouteRules { /// Filters define the filters that are applied to requests that match /// this rule. /// - /// /// Wherever possible, implementations SHOULD implement filters in the order /// they are specified. /// - /// /// Implementations MAY choose to implement this ordering strictly, rejecting /// any combination or order of filters that can not be supported. If implementations /// choose a strict interpretation of filter ordering, they MUST clearly document /// that behavior. /// - /// /// To reject an invalid combination or order of filters, implementations SHOULD /// consider the Route Rules with this configuration invalid. If all Route Rules /// in a Route are invalid, the entire Route would be considered invalid. If only /// a portion of Route Rules are invalid, implementations MUST set the /// "PartiallyInvalid" condition for the Route. /// - /// /// Conformance-levels at this level are defined based on the type of filter: /// - /// /// - ALL core filters MUST be supported by all implementations. /// - Implementers are encouraged to support extended filters. /// - Implementation-specific custom filters have no API guarantees across /// implementations. /// - /// /// Specifying the same filter multiple times is not supported unless explicitly /// indicated in the filter. /// - /// /// All filters are expected to be compatible with each other except for the /// URLRewrite and RequestRedirect filters, which may not be combined. If an /// implementation can not support other combinations of filters, they must clearly @@ -391,7 +340,6 @@ pub struct HTTPRouteRules { /// `False`, implementations may use the `IncompatibleFilters` reason to specify /// this configuration error. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub filters: Option>, @@ -399,11 +347,9 @@ pub struct HTTPRouteRules { /// HTTP requests. Each match is independent, i.e. this rule will be matched /// if **any** one of the matches is satisfied. /// - /// /// For example, take the following matches configuration: /// - /// - /// ``` + /// ```text /// matches: /// - path: /// value: "/foo" @@ -414,97 +360,83 @@ pub struct HTTPRouteRules { /// value: "/v2/foo" /// ``` /// - /// /// For a request to match against this rule, a request must satisfy /// EITHER of the two conditions: /// - /// /// - path prefixed with `/foo` AND contains the header `version: v2` /// - path prefix of `/v2/foo` /// - /// /// See the documentation for HTTPRouteMatch on how to specify multiple /// match conditions that should be ANDed together. /// - /// /// If no matches are specified, the default is a prefix /// path match on "/", which has the effect of matching every /// HTTP request. /// - /// /// Proxy or Load Balancer routing configuration generated from HTTPRoutes /// MUST prioritize matches based on the following criteria, continuing on /// ties. Across all rules specified on applicable Routes, precedence must be /// given to the match having: /// - /// /// * "Exact" path match. /// * "Prefix" path match with largest number of characters. /// * Method match. /// * Largest number of header matches. /// * Largest number of query param matches. /// - /// /// Note: The precedence of RegularExpression path matches are implementation-specific. /// - /// /// If ties still exist across multiple Routes, matching precedence MUST be /// determined in order of the following criteria, continuing on ties: /// - /// /// * The oldest Route based on creation timestamp. /// * The Route appearing first in alphabetical order by /// "{namespace}/{name}". /// - /// /// If ties still exist within an HTTPRoute, matching precedence MUST be granted /// to the FIRST matching rule (in list order) with a match meeting the above /// criteria. /// - /// /// When no rules matching a request have been successfully attached to the /// parent a request is coming from, a HTTP 404 status code MUST be returned. #[serde(default, skip_serializing_if = "Option::is_none")] pub matches: Option>, + /// Timeouts defines the timeouts that can be configured for an HTTP request. + /// + /// Support: Extended + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeouts: Option, } /// HTTPBackendRef defines how a HTTPRoute forwards a HTTP request. /// -/// /// Note that when a namespace different than the local namespace is specified, a /// ReferenceGrant object is required in the referent namespace to allow that /// namespace's owner to accept the reference. See the ReferenceGrant /// documentation for details. /// -/// /// /// -/// /// When the BackendRef points to a Kubernetes Service, implementations SHOULD /// honor the appProtocol field if it is set for the target Service Port. /// -/// /// Implementations supporting appProtocol SHOULD recognize the Kubernetes /// Standard Application Protocols defined in KEP-3726. /// -/// /// If a Service appProtocol isn't specified, an implementation MAY infer the /// backend protocol through its own means. Implementations MAY infer the /// protocol from the Route type referring to the backend Service. /// -/// /// If a Route is not able to send traffic to the backend using the specified /// protocol then the backend is considered invalid. Implementations MUST set the /// "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason. /// -/// /// #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesBackendRefs { /// Filters defined at this level should be executed if and only if the /// request is being forwarded to the backend defined here. /// - /// /// Support: Implementation-specific (For broader support of filters, use the /// Filters field in HTTPRouteRule.) #[serde(default, skip_serializing_if = "Option::is_none")] @@ -516,20 +448,16 @@ pub struct HTTPRouteRulesBackendRefs { /// Kind is the Kubernetes resource kind of the referent. For example /// "Service". /// - /// /// Defaults to "Service" when not specified. /// - /// /// ExternalName services can refer to CNAME DNS records that may live /// outside of the cluster and as such are difficult to reason about in /// terms of conformance. They also may not be safe to forward to (see /// CVE-2021-25740 for more information). Implementations SHOULD NOT /// support ExternalName Services. /// - /// /// Support: Core (Services with a type other than ExternalName) /// - /// /// Support: Implementation-specific (Services with type ExternalName) #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, @@ -538,13 +466,11 @@ pub struct HTTPRouteRulesBackendRefs { /// Namespace is the namespace of the backend. When unspecified, the local /// namespace is inferred. /// - /// /// Note that when a namespace different than the local namespace is specified, /// a ReferenceGrant object is required in the referent namespace to allow that /// namespace's owner to accept the reference. See the ReferenceGrant /// documentation for details. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -562,13 +488,11 @@ pub struct HTTPRouteRulesBackendRefs { /// implementation supports. Weight is not a percentage and the sum of /// weights does not need to equal 100. /// - /// /// If only one backend is specified and it has a weight greater than 0, 100% /// of the traffic is forwarded to that backend. If weight is set to 0, no /// traffic should be forwarded for this entry. If unspecified, weight /// defaults to 1. /// - /// /// Support for this field varies based on the context where used. #[serde(default, skip_serializing_if = "Option::is_none")] pub weight: Option, @@ -587,10 +511,8 @@ pub struct HTTPRouteRulesBackendRefsFilters { /// "networking.example.net"). ExtensionRef MUST NOT be used for core and /// extended filters. /// - /// /// This filter can be used multiple times within the same rule. /// - /// /// Support: Implementation-specific #[serde( default, @@ -601,7 +523,6 @@ pub struct HTTPRouteRulesBackendRefsFilters { /// RequestHeaderModifier defines a schema for a filter that modifies request /// headers. /// - /// /// Support: Core #[serde( default, @@ -613,13 +534,13 @@ pub struct HTTPRouteRulesBackendRefsFilters { /// Requests are sent to the specified destination, but responses from /// that destination are ignored. /// - /// /// This filter can be used multiple times within the same rule. Note that /// not all implementations will be able to support mirroring to multiple /// backends. /// - /// /// Support: Extended + /// + /// #[serde( default, skip_serializing_if = "Option::is_none", @@ -629,7 +550,6 @@ pub struct HTTPRouteRulesBackendRefsFilters { /// RequestRedirect defines a schema for a filter that responds to the /// request with an HTTP redirection. /// - /// /// Support: Core #[serde( default, @@ -640,7 +560,6 @@ pub struct HTTPRouteRulesBackendRefsFilters { /// ResponseHeaderModifier defines a schema for a filter that modifies response /// headers. /// - /// /// Support: Extended #[serde( default, @@ -651,17 +570,14 @@ pub struct HTTPRouteRulesBackendRefsFilters { /// Type identifies the type of filter to apply. As with other API fields, /// types are classified into three conformance levels: /// - /// /// - Core: Filter types and their corresponding configuration defined by /// "Support: Core" in this package, e.g. "RequestHeaderModifier". All /// implementations must support core filters. /// - /// /// - Extended: Filter types and their corresponding configuration defined by /// "Support: Extended" in this package, e.g. "RequestMirror". Implementers /// are encouraged to support extended filters. /// - /// /// - Implementation-specific: Filters that are defined and supported by /// specific vendors. /// In the future, filters showing convergence in behavior across multiple @@ -670,20 +586,16 @@ pub struct HTTPRouteRulesBackendRefsFilters { /// is specified using the ExtensionRef field. `Type` should be set to /// "ExtensionRef" for custom filters. /// - /// /// Implementers are encouraged to define custom implementation types to /// extend the core API with implementation-specific behavior. /// - /// /// If a reference to a custom filter type cannot be resolved, the filter /// MUST NOT be skipped. Instead, requests that would have been processed by /// that filter MUST receive a HTTP error response. /// - /// /// Note that values may be added to this enum, implementations /// must ensure that unknown values will not cause a crash. /// - /// /// Unknown values here must result in the implementation setting the /// Accepted Condition for the Route to `status: False`, with a /// Reason of `UnsupportedValue`. @@ -691,7 +603,6 @@ pub struct HTTPRouteRulesBackendRefsFilters { pub r#type: HTTPRouteRulesBackendRefsFiltersType, /// URLRewrite defines a schema for a filter that modifies a request during forwarding. /// - /// /// Support: Extended #[serde( default, @@ -706,10 +617,8 @@ pub struct HTTPRouteRulesBackendRefsFilters { /// "networking.example.net"). ExtensionRef MUST NOT be used for core and /// extended filters. /// -/// /// This filter can be used multiple times within the same rule. /// -/// /// Support: Implementation-specific #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesBackendRefsFiltersExtensionRef { @@ -725,7 +634,6 @@ pub struct HTTPRouteRulesBackendRefsFiltersExtensionRef { /// RequestHeaderModifier defines a schema for a filter that modifies request /// headers. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesBackendRefsFiltersRequestHeaderModifier { @@ -733,18 +641,15 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestHeaderModifier { /// before the action. It appends to any existing values associated /// with the header name. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// add: /// - name: "my-header" /// value: "bar,baz" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: foo,bar,baz @@ -755,18 +660,15 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestHeaderModifier { /// names are case-insensitive (see /// https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header1: foo /// my-header2: bar /// my-header3: baz /// - /// /// Config: /// remove: ["my-header1", "my-header3"] /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header2: bar @@ -775,18 +677,15 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestHeaderModifier { /// Set overwrites the request with the given header (name, value) /// before the action. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// set: /// - name: "my-header" /// value: "bar" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: bar @@ -800,7 +699,6 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestHeaderModifierAdd { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -817,7 +715,6 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestHeaderModifierSet { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -832,43 +729,37 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestHeaderModifierSet { /// Requests are sent to the specified destination, but responses from /// that destination are ignored. /// -/// /// This filter can be used multiple times within the same rule. Note that /// not all implementations will be able to support mirroring to multiple /// backends. /// -/// /// Support: Extended +/// +/// #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesBackendRefsFiltersRequestMirror { /// BackendRef references a resource where mirrored requests are sent. /// - /// /// Mirrored requests must be sent only to a single destination endpoint /// within this BackendRef, irrespective of how many endpoints are present /// within this BackendRef. /// - /// /// If the referent cannot be found, this BackendRef is invalid and must be /// dropped from the Gateway. The controller must ensure the "ResolvedRefs" /// condition on the Route status is set to `status: False` and not configure /// this backend in the underlying implementation. /// - /// /// If there is a cross-namespace reference to an *existing* object /// that is not allowed by a ReferenceGrant, the controller must ensure the /// "ResolvedRefs" condition on the Route is set to `status: False`, /// with the "RefNotPermitted" reason and not configure this backend in the /// underlying implementation. /// - /// /// In either error case, the Message of the `ResolvedRefs` Condition /// should be used to provide more detail about the problem. /// - /// /// Support: Extended for Kubernetes Service /// - /// /// Support: Implementation-specific for any other resource #[serde(rename = "backendRef")] pub backend_ref: HTTPRouteRulesBackendRefsFiltersRequestMirrorBackendRef, @@ -876,32 +767,26 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestMirror { /// BackendRef references a resource where mirrored requests are sent. /// -/// /// Mirrored requests must be sent only to a single destination endpoint /// within this BackendRef, irrespective of how many endpoints are present /// within this BackendRef. /// -/// /// If the referent cannot be found, this BackendRef is invalid and must be /// dropped from the Gateway. The controller must ensure the "ResolvedRefs" /// condition on the Route status is set to `status: False` and not configure /// this backend in the underlying implementation. /// -/// /// If there is a cross-namespace reference to an *existing* object /// that is not allowed by a ReferenceGrant, the controller must ensure the /// "ResolvedRefs" condition on the Route is set to `status: False`, /// with the "RefNotPermitted" reason and not configure this backend in the /// underlying implementation. /// -/// /// In either error case, the Message of the `ResolvedRefs` Condition /// should be used to provide more detail about the problem. /// -/// /// Support: Extended for Kubernetes Service /// -/// /// Support: Implementation-specific for any other resource #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesBackendRefsFiltersRequestMirrorBackendRef { @@ -912,20 +797,16 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestMirrorBackendRef { /// Kind is the Kubernetes resource kind of the referent. For example /// "Service". /// - /// /// Defaults to "Service" when not specified. /// - /// /// ExternalName services can refer to CNAME DNS records that may live /// outside of the cluster and as such are difficult to reason about in /// terms of conformance. They also may not be safe to forward to (see /// CVE-2021-25740 for more information). Implementations SHOULD NOT /// support ExternalName Services. /// - /// /// Support: Core (Services with a type other than ExternalName) /// - /// /// Support: Implementation-specific (Services with type ExternalName) #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, @@ -934,13 +815,11 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestMirrorBackendRef { /// Namespace is the namespace of the backend. When unspecified, the local /// namespace is inferred. /// - /// /// Note that when a namespace different than the local namespace is specified, /// a ReferenceGrant object is required in the referent namespace to allow that /// namespace's owner to accept the reference. See the ReferenceGrant /// documentation for details. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -956,7 +835,6 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestMirrorBackendRef { /// RequestRedirect defines a schema for a filter that responds to the /// request with an HTTP redirection. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesBackendRefsFiltersRequestRedirect { @@ -964,7 +842,6 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestRedirect { /// header in the response. /// When empty, the hostname in the `Host` header of the request is used. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub hostname: Option, @@ -972,18 +849,15 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestRedirect { /// The modified path is then used to construct the `Location` header. When /// empty, the request path is used as-is. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, /// Port is the port to be used in the value of the `Location` /// header in the response. /// - /// /// If no port is specified, the redirect port MUST be derived using the /// following rules: /// - /// /// * If redirect scheme is not-empty, the redirect port MUST be the well-known /// port associated with the redirect scheme. Specifically "http" to port 80 /// and "https" to port 443. If the redirect scheme does not have a @@ -991,52 +865,42 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestRedirect { /// * If redirect scheme is empty, the redirect port MUST be the Gateway /// Listener port. /// - /// /// Implementations SHOULD NOT add the port number in the 'Location' /// header in the following cases: /// - /// /// * A Location header that will use HTTP (whether that is determined via /// the Listener protocol or the Scheme field) _and_ use port 80. /// * A Location header that will use HTTPS (whether that is determined via /// the Listener protocol or the Scheme field) _and_ use port 443. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// Scheme is the scheme to be used in the value of the `Location` header in /// the response. When empty, the scheme of the request is used. /// - /// /// Scheme redirects can affect the port of the redirect, for more information, /// refer to the documentation for the port field of this filter. /// - /// /// Note that values may be added to this enum, implementations /// must ensure that unknown values will not cause a crash. /// - /// /// Unknown values here must result in the implementation setting the /// Accepted Condition for the Route to `status: False`, with a /// Reason of `UnsupportedValue`. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, /// StatusCode is the HTTP status code to be used in response. /// - /// /// Note that values may be added to this enum, implementations /// must ensure that unknown values will not cause a crash. /// - /// /// Unknown values here must result in the implementation setting the /// Accepted Condition for the Route to `status: False`, with a /// Reason of `UnsupportedValue`. /// - /// /// Support: Core #[serde( default, @@ -1050,7 +914,6 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestRedirect { /// The modified path is then used to construct the `Location` header. When /// empty, the request path is used as-is. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesBackendRefsFiltersRequestRedirectPath { @@ -1067,32 +930,17 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestRedirectPath { /// to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch /// of "/xyz" would be modified to "/xyz/bar". /// - /// /// Note that this matches the behavior of the PathPrefix match type. This /// matches full path elements. A path element refers to the list of labels /// in the path split by the `/` separator. When specified, a trailing `/` is /// ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all /// match the prefix `/abc`, but the path `/abcd` would not. /// - /// /// ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. /// Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in /// the implementation setting the Accepted Condition for the Route to `status: False`. /// - /// /// Request Path | Prefix Match | Replace Prefix | Modified Path - /// -------------|--------------|----------------|---------- - /// /foo/bar | /foo | /xyz | /xyz/bar - /// /foo/bar | /foo | /xyz/ | /xyz/bar - /// /foo/bar | /foo/ | /xyz | /xyz/bar - /// /foo/bar | /foo/ | /xyz/ | /xyz/bar - /// /foo | /foo | /xyz | /xyz - /// /foo/ | /foo | /xyz | /xyz/ - /// /foo/bar | /foo | | /bar - /// /foo/ | /foo | | / - /// /foo | /foo | | / - /// /foo/ | /foo | / | / - /// /foo | /foo | / | / #[serde( default, skip_serializing_if = "Option::is_none", @@ -1102,11 +950,9 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestRedirectPath { /// Type defines the type of path modifier. Additional types may be /// added in a future release of the API. /// - /// /// Note that values may be added to this enum, implementations /// must ensure that unknown values will not cause a crash. /// - /// /// Unknown values here must result in the implementation setting the /// Accepted Condition for the Route to `status: False`, with a /// Reason of `UnsupportedValue`. @@ -1118,7 +964,6 @@ pub struct HTTPRouteRulesBackendRefsFiltersRequestRedirectPath { /// The modified path is then used to construct the `Location` header. When /// empty, the request path is used as-is. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum HTTPRouteRulesBackendRefsFiltersRequestRedirectPathType { @@ -1129,7 +974,6 @@ pub enum HTTPRouteRulesBackendRefsFiltersRequestRedirectPathType { /// RequestRedirect defines a schema for a filter that responds to the /// request with an HTTP redirection. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum HTTPRouteRulesBackendRefsFiltersRequestRedirectScheme { @@ -1142,7 +986,6 @@ pub enum HTTPRouteRulesBackendRefsFiltersRequestRedirectScheme { /// RequestRedirect defines a schema for a filter that responds to the /// request with an HTTP redirection. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum HTTPRouteRulesBackendRefsFiltersRequestRedirectStatusCode { @@ -1155,7 +998,6 @@ pub enum HTTPRouteRulesBackendRefsFiltersRequestRedirectStatusCode { /// ResponseHeaderModifier defines a schema for a filter that modifies response /// headers. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesBackendRefsFiltersResponseHeaderModifier { @@ -1163,18 +1005,15 @@ pub struct HTTPRouteRulesBackendRefsFiltersResponseHeaderModifier { /// before the action. It appends to any existing values associated /// with the header name. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// add: /// - name: "my-header" /// value: "bar,baz" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: foo,bar,baz @@ -1185,18 +1024,15 @@ pub struct HTTPRouteRulesBackendRefsFiltersResponseHeaderModifier { /// names are case-insensitive (see /// https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header1: foo /// my-header2: bar /// my-header3: baz /// - /// /// Config: /// remove: ["my-header1", "my-header3"] /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header2: bar @@ -1205,18 +1041,15 @@ pub struct HTTPRouteRulesBackendRefsFiltersResponseHeaderModifier { /// Set overwrites the request with the given header (name, value) /// before the action. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// set: /// - name: "my-header" /// value: "bar" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: bar @@ -1230,7 +1063,6 @@ pub struct HTTPRouteRulesBackendRefsFiltersResponseHeaderModifierAdd { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -1247,7 +1079,6 @@ pub struct HTTPRouteRulesBackendRefsFiltersResponseHeaderModifierSet { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -1277,20 +1108,17 @@ pub enum HTTPRouteRulesBackendRefsFiltersType { /// URLRewrite defines a schema for a filter that modifies a request during forwarding. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesBackendRefsFiltersUrlRewrite { /// Hostname is the value to be used to replace the Host header value during /// forwarding. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub hostname: Option, /// Path defines a path rewrite. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, @@ -1298,7 +1126,6 @@ pub struct HTTPRouteRulesBackendRefsFiltersUrlRewrite { /// Path defines a path rewrite. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesBackendRefsFiltersUrlRewritePath { @@ -1315,32 +1142,17 @@ pub struct HTTPRouteRulesBackendRefsFiltersUrlRewritePath { /// to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch /// of "/xyz" would be modified to "/xyz/bar". /// - /// /// Note that this matches the behavior of the PathPrefix match type. This /// matches full path elements. A path element refers to the list of labels /// in the path split by the `/` separator. When specified, a trailing `/` is /// ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all /// match the prefix `/abc`, but the path `/abcd` would not. /// - /// /// ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. /// Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in /// the implementation setting the Accepted Condition for the Route to `status: False`. /// - /// /// Request Path | Prefix Match | Replace Prefix | Modified Path - /// -------------|--------------|----------------|---------- - /// /foo/bar | /foo | /xyz | /xyz/bar - /// /foo/bar | /foo | /xyz/ | /xyz/bar - /// /foo/bar | /foo/ | /xyz | /xyz/bar - /// /foo/bar | /foo/ | /xyz/ | /xyz/bar - /// /foo | /foo | /xyz | /xyz - /// /foo/ | /foo | /xyz | /xyz/ - /// /foo/bar | /foo | | /bar - /// /foo/ | /foo | | / - /// /foo | /foo | | / - /// /foo/ | /foo | / | / - /// /foo | /foo | / | / #[serde( default, skip_serializing_if = "Option::is_none", @@ -1350,11 +1162,9 @@ pub struct HTTPRouteRulesBackendRefsFiltersUrlRewritePath { /// Type defines the type of path modifier. Additional types may be /// added in a future release of the API. /// - /// /// Note that values may be added to this enum, implementations /// must ensure that unknown values will not cause a crash. /// - /// /// Unknown values here must result in the implementation setting the /// Accepted Condition for the Route to `status: False`, with a /// Reason of `UnsupportedValue`. @@ -1364,7 +1174,6 @@ pub struct HTTPRouteRulesBackendRefsFiltersUrlRewritePath { /// Path defines a path rewrite. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum HTTPRouteRulesBackendRefsFiltersUrlRewritePathType { @@ -1385,10 +1194,8 @@ pub struct HTTPRouteRulesFilters { /// "networking.example.net"). ExtensionRef MUST NOT be used for core and /// extended filters. /// - /// /// This filter can be used multiple times within the same rule. /// - /// /// Support: Implementation-specific #[serde( default, @@ -1399,7 +1206,6 @@ pub struct HTTPRouteRulesFilters { /// RequestHeaderModifier defines a schema for a filter that modifies request /// headers. /// - /// /// Support: Core #[serde( default, @@ -1411,13 +1217,13 @@ pub struct HTTPRouteRulesFilters { /// Requests are sent to the specified destination, but responses from /// that destination are ignored. /// - /// /// This filter can be used multiple times within the same rule. Note that /// not all implementations will be able to support mirroring to multiple /// backends. /// - /// /// Support: Extended + /// + /// #[serde( default, skip_serializing_if = "Option::is_none", @@ -1427,7 +1233,6 @@ pub struct HTTPRouteRulesFilters { /// RequestRedirect defines a schema for a filter that responds to the /// request with an HTTP redirection. /// - /// /// Support: Core #[serde( default, @@ -1438,7 +1243,6 @@ pub struct HTTPRouteRulesFilters { /// ResponseHeaderModifier defines a schema for a filter that modifies response /// headers. /// - /// /// Support: Extended #[serde( default, @@ -1449,17 +1253,14 @@ pub struct HTTPRouteRulesFilters { /// Type identifies the type of filter to apply. As with other API fields, /// types are classified into three conformance levels: /// - /// /// - Core: Filter types and their corresponding configuration defined by /// "Support: Core" in this package, e.g. "RequestHeaderModifier". All /// implementations must support core filters. /// - /// /// - Extended: Filter types and their corresponding configuration defined by /// "Support: Extended" in this package, e.g. "RequestMirror". Implementers /// are encouraged to support extended filters. /// - /// /// - Implementation-specific: Filters that are defined and supported by /// specific vendors. /// In the future, filters showing convergence in behavior across multiple @@ -1468,20 +1269,16 @@ pub struct HTTPRouteRulesFilters { /// is specified using the ExtensionRef field. `Type` should be set to /// "ExtensionRef" for custom filters. /// - /// /// Implementers are encouraged to define custom implementation types to /// extend the core API with implementation-specific behavior. /// - /// /// If a reference to a custom filter type cannot be resolved, the filter /// MUST NOT be skipped. Instead, requests that would have been processed by /// that filter MUST receive a HTTP error response. /// - /// /// Note that values may be added to this enum, implementations /// must ensure that unknown values will not cause a crash. /// - /// /// Unknown values here must result in the implementation setting the /// Accepted Condition for the Route to `status: False`, with a /// Reason of `UnsupportedValue`. @@ -1489,7 +1286,6 @@ pub struct HTTPRouteRulesFilters { pub r#type: HTTPRouteRulesFiltersType, /// URLRewrite defines a schema for a filter that modifies a request during forwarding. /// - /// /// Support: Extended #[serde( default, @@ -1504,10 +1300,8 @@ pub struct HTTPRouteRulesFilters { /// "networking.example.net"). ExtensionRef MUST NOT be used for core and /// extended filters. /// -/// /// This filter can be used multiple times within the same rule. /// -/// /// Support: Implementation-specific #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesFiltersExtensionRef { @@ -1523,7 +1317,6 @@ pub struct HTTPRouteRulesFiltersExtensionRef { /// RequestHeaderModifier defines a schema for a filter that modifies request /// headers. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesFiltersRequestHeaderModifier { @@ -1531,18 +1324,15 @@ pub struct HTTPRouteRulesFiltersRequestHeaderModifier { /// before the action. It appends to any existing values associated /// with the header name. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// add: /// - name: "my-header" /// value: "bar,baz" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: foo,bar,baz @@ -1553,18 +1343,15 @@ pub struct HTTPRouteRulesFiltersRequestHeaderModifier { /// names are case-insensitive (see /// https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header1: foo /// my-header2: bar /// my-header3: baz /// - /// /// Config: /// remove: ["my-header1", "my-header3"] /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header2: bar @@ -1573,18 +1360,15 @@ pub struct HTTPRouteRulesFiltersRequestHeaderModifier { /// Set overwrites the request with the given header (name, value) /// before the action. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// set: /// - name: "my-header" /// value: "bar" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: bar @@ -1598,7 +1382,6 @@ pub struct HTTPRouteRulesFiltersRequestHeaderModifierAdd { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -1615,7 +1398,6 @@ pub struct HTTPRouteRulesFiltersRequestHeaderModifierSet { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -1630,43 +1412,37 @@ pub struct HTTPRouteRulesFiltersRequestHeaderModifierSet { /// Requests are sent to the specified destination, but responses from /// that destination are ignored. /// -/// /// This filter can be used multiple times within the same rule. Note that /// not all implementations will be able to support mirroring to multiple /// backends. /// -/// /// Support: Extended +/// +/// #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesFiltersRequestMirror { /// BackendRef references a resource where mirrored requests are sent. /// - /// /// Mirrored requests must be sent only to a single destination endpoint /// within this BackendRef, irrespective of how many endpoints are present /// within this BackendRef. /// - /// /// If the referent cannot be found, this BackendRef is invalid and must be /// dropped from the Gateway. The controller must ensure the "ResolvedRefs" /// condition on the Route status is set to `status: False` and not configure /// this backend in the underlying implementation. /// - /// /// If there is a cross-namespace reference to an *existing* object /// that is not allowed by a ReferenceGrant, the controller must ensure the /// "ResolvedRefs" condition on the Route is set to `status: False`, /// with the "RefNotPermitted" reason and not configure this backend in the /// underlying implementation. /// - /// /// In either error case, the Message of the `ResolvedRefs` Condition /// should be used to provide more detail about the problem. /// - /// /// Support: Extended for Kubernetes Service /// - /// /// Support: Implementation-specific for any other resource #[serde(rename = "backendRef")] pub backend_ref: HTTPRouteRulesFiltersRequestMirrorBackendRef, @@ -1674,32 +1450,26 @@ pub struct HTTPRouteRulesFiltersRequestMirror { /// BackendRef references a resource where mirrored requests are sent. /// -/// /// Mirrored requests must be sent only to a single destination endpoint /// within this BackendRef, irrespective of how many endpoints are present /// within this BackendRef. /// -/// /// If the referent cannot be found, this BackendRef is invalid and must be /// dropped from the Gateway. The controller must ensure the "ResolvedRefs" /// condition on the Route status is set to `status: False` and not configure /// this backend in the underlying implementation. /// -/// /// If there is a cross-namespace reference to an *existing* object /// that is not allowed by a ReferenceGrant, the controller must ensure the /// "ResolvedRefs" condition on the Route is set to `status: False`, /// with the "RefNotPermitted" reason and not configure this backend in the /// underlying implementation. /// -/// /// In either error case, the Message of the `ResolvedRefs` Condition /// should be used to provide more detail about the problem. /// -/// /// Support: Extended for Kubernetes Service /// -/// /// Support: Implementation-specific for any other resource #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesFiltersRequestMirrorBackendRef { @@ -1710,20 +1480,16 @@ pub struct HTTPRouteRulesFiltersRequestMirrorBackendRef { /// Kind is the Kubernetes resource kind of the referent. For example /// "Service". /// - /// /// Defaults to "Service" when not specified. /// - /// /// ExternalName services can refer to CNAME DNS records that may live /// outside of the cluster and as such are difficult to reason about in /// terms of conformance. They also may not be safe to forward to (see /// CVE-2021-25740 for more information). Implementations SHOULD NOT /// support ExternalName Services. /// - /// /// Support: Core (Services with a type other than ExternalName) /// - /// /// Support: Implementation-specific (Services with type ExternalName) #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, @@ -1732,13 +1498,11 @@ pub struct HTTPRouteRulesFiltersRequestMirrorBackendRef { /// Namespace is the namespace of the backend. When unspecified, the local /// namespace is inferred. /// - /// /// Note that when a namespace different than the local namespace is specified, /// a ReferenceGrant object is required in the referent namespace to allow that /// namespace's owner to accept the reference. See the ReferenceGrant /// documentation for details. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, @@ -1754,7 +1518,6 @@ pub struct HTTPRouteRulesFiltersRequestMirrorBackendRef { /// RequestRedirect defines a schema for a filter that responds to the /// request with an HTTP redirection. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesFiltersRequestRedirect { @@ -1762,7 +1525,6 @@ pub struct HTTPRouteRulesFiltersRequestRedirect { /// header in the response. /// When empty, the hostname in the `Host` header of the request is used. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub hostname: Option, @@ -1770,18 +1532,15 @@ pub struct HTTPRouteRulesFiltersRequestRedirect { /// The modified path is then used to construct the `Location` header. When /// empty, the request path is used as-is. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, /// Port is the port to be used in the value of the `Location` /// header in the response. /// - /// /// If no port is specified, the redirect port MUST be derived using the /// following rules: /// - /// /// * If redirect scheme is not-empty, the redirect port MUST be the well-known /// port associated with the redirect scheme. Specifically "http" to port 80 /// and "https" to port 443. If the redirect scheme does not have a @@ -1789,52 +1548,42 @@ pub struct HTTPRouteRulesFiltersRequestRedirect { /// * If redirect scheme is empty, the redirect port MUST be the Gateway /// Listener port. /// - /// /// Implementations SHOULD NOT add the port number in the 'Location' /// header in the following cases: /// - /// /// * A Location header that will use HTTP (whether that is determined via /// the Listener protocol or the Scheme field) _and_ use port 80. /// * A Location header that will use HTTPS (whether that is determined via /// the Listener protocol or the Scheme field) _and_ use port 443. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// Scheme is the scheme to be used in the value of the `Location` header in /// the response. When empty, the scheme of the request is used. /// - /// /// Scheme redirects can affect the port of the redirect, for more information, /// refer to the documentation for the port field of this filter. /// - /// /// Note that values may be added to this enum, implementations /// must ensure that unknown values will not cause a crash. /// - /// /// Unknown values here must result in the implementation setting the /// Accepted Condition for the Route to `status: False`, with a /// Reason of `UnsupportedValue`. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, /// StatusCode is the HTTP status code to be used in response. /// - /// /// Note that values may be added to this enum, implementations /// must ensure that unknown values will not cause a crash. /// - /// /// Unknown values here must result in the implementation setting the /// Accepted Condition for the Route to `status: False`, with a /// Reason of `UnsupportedValue`. /// - /// /// Support: Core #[serde( default, @@ -1848,7 +1597,6 @@ pub struct HTTPRouteRulesFiltersRequestRedirect { /// The modified path is then used to construct the `Location` header. When /// empty, the request path is used as-is. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesFiltersRequestRedirectPath { @@ -1865,32 +1613,17 @@ pub struct HTTPRouteRulesFiltersRequestRedirectPath { /// to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch /// of "/xyz" would be modified to "/xyz/bar". /// - /// /// Note that this matches the behavior of the PathPrefix match type. This /// matches full path elements. A path element refers to the list of labels /// in the path split by the `/` separator. When specified, a trailing `/` is /// ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all /// match the prefix `/abc`, but the path `/abcd` would not. /// - /// /// ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. /// Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in /// the implementation setting the Accepted Condition for the Route to `status: False`. /// - /// /// Request Path | Prefix Match | Replace Prefix | Modified Path - /// -------------|--------------|----------------|---------- - /// /foo/bar | /foo | /xyz | /xyz/bar - /// /foo/bar | /foo | /xyz/ | /xyz/bar - /// /foo/bar | /foo/ | /xyz | /xyz/bar - /// /foo/bar | /foo/ | /xyz/ | /xyz/bar - /// /foo | /foo | /xyz | /xyz - /// /foo/ | /foo | /xyz | /xyz/ - /// /foo/bar | /foo | | /bar - /// /foo/ | /foo | | / - /// /foo | /foo | | / - /// /foo/ | /foo | / | / - /// /foo | /foo | / | / #[serde( default, skip_serializing_if = "Option::is_none", @@ -1900,11 +1633,9 @@ pub struct HTTPRouteRulesFiltersRequestRedirectPath { /// Type defines the type of path modifier. Additional types may be /// added in a future release of the API. /// - /// /// Note that values may be added to this enum, implementations /// must ensure that unknown values will not cause a crash. /// - /// /// Unknown values here must result in the implementation setting the /// Accepted Condition for the Route to `status: False`, with a /// Reason of `UnsupportedValue`. @@ -1916,7 +1647,6 @@ pub struct HTTPRouteRulesFiltersRequestRedirectPath { /// The modified path is then used to construct the `Location` header. When /// empty, the request path is used as-is. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum HTTPRouteRulesFiltersRequestRedirectPathType { @@ -1927,7 +1657,6 @@ pub enum HTTPRouteRulesFiltersRequestRedirectPathType { /// RequestRedirect defines a schema for a filter that responds to the /// request with an HTTP redirection. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum HTTPRouteRulesFiltersRequestRedirectScheme { @@ -1940,7 +1669,6 @@ pub enum HTTPRouteRulesFiltersRequestRedirectScheme { /// RequestRedirect defines a schema for a filter that responds to the /// request with an HTTP redirection. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum HTTPRouteRulesFiltersRequestRedirectStatusCode { @@ -1953,7 +1681,6 @@ pub enum HTTPRouteRulesFiltersRequestRedirectStatusCode { /// ResponseHeaderModifier defines a schema for a filter that modifies response /// headers. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesFiltersResponseHeaderModifier { @@ -1961,18 +1688,15 @@ pub struct HTTPRouteRulesFiltersResponseHeaderModifier { /// before the action. It appends to any existing values associated /// with the header name. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// add: /// - name: "my-header" /// value: "bar,baz" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: foo,bar,baz @@ -1983,18 +1707,15 @@ pub struct HTTPRouteRulesFiltersResponseHeaderModifier { /// names are case-insensitive (see /// https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header1: foo /// my-header2: bar /// my-header3: baz /// - /// /// Config: /// remove: ["my-header1", "my-header3"] /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header2: bar @@ -2003,18 +1724,15 @@ pub struct HTTPRouteRulesFiltersResponseHeaderModifier { /// Set overwrites the request with the given header (name, value) /// before the action. /// - /// /// Input: /// GET /foo HTTP/1.1 /// my-header: foo /// - /// /// Config: /// set: /// - name: "my-header" /// value: "bar" /// - /// /// Output: /// GET /foo HTTP/1.1 /// my-header: bar @@ -2028,7 +1746,6 @@ pub struct HTTPRouteRulesFiltersResponseHeaderModifierAdd { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -2045,7 +1762,6 @@ pub struct HTTPRouteRulesFiltersResponseHeaderModifierSet { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, the first entry with /// an equivalent name MUST be considered for a match. Subsequent entries /// with an equivalent header name MUST be ignored. Due to the @@ -2075,20 +1791,17 @@ pub enum HTTPRouteRulesFiltersType { /// URLRewrite defines a schema for a filter that modifies a request during forwarding. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesFiltersUrlRewrite { /// Hostname is the value to be used to replace the Host header value during /// forwarding. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub hostname: Option, /// Path defines a path rewrite. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, @@ -2096,7 +1809,6 @@ pub struct HTTPRouteRulesFiltersUrlRewrite { /// Path defines a path rewrite. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesFiltersUrlRewritePath { @@ -2113,32 +1825,17 @@ pub struct HTTPRouteRulesFiltersUrlRewritePath { /// to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch /// of "/xyz" would be modified to "/xyz/bar". /// - /// /// Note that this matches the behavior of the PathPrefix match type. This /// matches full path elements. A path element refers to the list of labels /// in the path split by the `/` separator. When specified, a trailing `/` is /// ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all /// match the prefix `/abc`, but the path `/abcd` would not. /// - /// /// ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. /// Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in /// the implementation setting the Accepted Condition for the Route to `status: False`. /// - /// /// Request Path | Prefix Match | Replace Prefix | Modified Path - /// -------------|--------------|----------------|---------- - /// /foo/bar | /foo | /xyz | /xyz/bar - /// /foo/bar | /foo | /xyz/ | /xyz/bar - /// /foo/bar | /foo/ | /xyz | /xyz/bar - /// /foo/bar | /foo/ | /xyz/ | /xyz/bar - /// /foo | /foo | /xyz | /xyz - /// /foo/ | /foo | /xyz | /xyz/ - /// /foo/bar | /foo | | /bar - /// /foo/ | /foo | | / - /// /foo | /foo | | / - /// /foo/ | /foo | / | / - /// /foo | /foo | / | / #[serde( default, skip_serializing_if = "Option::is_none", @@ -2148,11 +1845,9 @@ pub struct HTTPRouteRulesFiltersUrlRewritePath { /// Type defines the type of path modifier. Additional types may be /// added in a future release of the API. /// - /// /// Note that values may be added to this enum, implementations /// must ensure that unknown values will not cause a crash. /// - /// /// Unknown values here must result in the implementation setting the /// Accepted Condition for the Route to `status: False`, with a /// Reason of `UnsupportedValue`. @@ -2162,7 +1857,6 @@ pub struct HTTPRouteRulesFiltersUrlRewritePath { /// Path defines a path rewrite. /// -/// /// Support: Extended #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum HTTPRouteRulesFiltersUrlRewritePathType { @@ -2174,22 +1868,18 @@ pub enum HTTPRouteRulesFiltersUrlRewritePathType { /// action. Multiple match types are ANDed together, i.e. the match will /// evaluate to true only if all conditions are satisfied. /// -/// /// For example, the match below will match a HTTP request only if its path /// starts with `/foo` AND it contains the `version: v1` header: /// -/// -/// ``` +/// ```text /// match: /// -/// /// path: /// value: "/foo" /// headers: /// - name: "version" /// value "v1" /// -/// /// ``` #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteRulesMatches { @@ -2202,7 +1892,6 @@ pub struct HTTPRouteRulesMatches { /// When specified, this route will be matched only if the request has the /// specified method. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub method: Option, @@ -2214,7 +1903,6 @@ pub struct HTTPRouteRulesMatches { /// values are ANDed together, meaning, a request must match all the /// specified query parameters to select the route. /// - /// /// Support: Extended #[serde( default, @@ -2231,14 +1919,12 @@ pub struct HTTPRouteRulesMatchesHeaders { /// Name is the name of the HTTP Header to be matched. Name matching MUST be /// case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). /// - /// /// If multiple entries specify equivalent header names, only the first /// entry with an equivalent name MUST be considered for a match. Subsequent /// entries with an equivalent header name MUST be ignored. Due to the /// case-insensitivity of header names, "foo" and "Foo" are considered /// equivalent. /// - /// /// When a header is repeated in an HTTP request, it is /// implementation-specific behavior as to how this is represented. /// Generally, proxies should follow the guidance from the RFC: @@ -2247,13 +1933,10 @@ pub struct HTTPRouteRulesMatchesHeaders { pub name: String, /// Type specifies how to match against the value of the header. /// - /// /// Support: Core (Exact) /// - /// /// Support: Implementation-specific (RegularExpression) /// - /// /// Since RegularExpression HeaderMatchType has implementation-specific /// conformance, implementations can support POSIX, PCRE or any other dialects /// of regular expressions. Please read the implementation's documentation to @@ -2276,22 +1959,18 @@ pub enum HTTPRouteRulesMatchesHeadersType { /// action. Multiple match types are ANDed together, i.e. the match will /// evaluate to true only if all conditions are satisfied. /// -/// /// For example, the match below will match a HTTP request only if its path /// starts with `/foo` AND it contains the `version: v1` header: /// -/// -/// ``` +/// ```text /// match: /// -/// /// path: /// value: "/foo" /// headers: /// - name: "version" /// value "v1" /// -/// /// ``` #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, PartialEq)] pub enum HTTPRouteRulesMatchesMethod { @@ -2321,10 +2000,8 @@ pub enum HTTPRouteRulesMatchesMethod { pub struct HTTPRouteRulesMatchesPath { /// Type specifies how to match against the path Value. /// - /// /// Support: Core (Exact, PathPrefix) /// - /// /// Support: Implementation-specific (RegularExpression) #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, @@ -2350,12 +2027,10 @@ pub struct HTTPRouteRulesMatchesQueryParams { /// exact string match. (See /// https://tools.ietf.org/html/rfc7230#section-2.7.3). /// - /// /// If multiple entries specify equivalent query param names, only the first /// entry with an equivalent name MUST be considered for a match. Subsequent /// entries with an equivalent query param name MUST be ignored. /// - /// /// If a query param is repeated in an HTTP request, the behavior is /// purposely left undefined, since different data planes have different /// capabilities. However, it is *recommended* that implementations should @@ -2363,19 +2038,15 @@ pub struct HTTPRouteRulesMatchesQueryParams { /// as this behavior is expected in other load balancing contexts outside of /// the Gateway API. /// - /// /// Users SHOULD NOT route traffic based on repeated query params to guard /// themselves against potential differences in the implementations. pub name: String, /// Type specifies how to match against the value of the query parameter. /// - /// /// Support: Extended (Exact) /// - /// /// Support: Implementation-specific (RegularExpression) /// - /// /// Since RegularExpression QueryParamMatchType has Implementation-specific /// conformance, implementations can support POSIX, PCRE or any other /// dialects of regular expressions. Please read the implementation's @@ -2394,6 +2065,62 @@ pub enum HTTPRouteRulesMatchesQueryParamsType { RegularExpression, } +/// Timeouts defines the timeouts that can be configured for an HTTP request. +/// +/// Support: Extended +#[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] +pub struct HTTPRouteRulesTimeouts { + /// BackendRequest specifies a timeout for an individual request from the gateway + /// to a backend. This covers the time from when the request first starts being + /// sent from the gateway to when the full response has been received from the backend. + /// + /// Setting a timeout to the zero duration (e.g. "0s") SHOULD disable the timeout + /// completely. Implementations that cannot completely disable the timeout MUST + /// instead interpret the zero duration as the longest possible value to which + /// the timeout can be set. + /// + /// An entire client HTTP transaction with a gateway, covered by the Request timeout, + /// may result in more than one call from the gateway to the destination backend, + /// for example, if automatic retries are supported. + /// + /// The value of BackendRequest must be a Gateway API Duration string as defined by + /// GEP-2257. When this field is unspecified, its behavior is implementation-specific; + /// when specified, the value of BackendRequest must be no more than the value of the + /// Request timeout (since the Request timeout encompasses the BackendRequest timeout). + /// + /// Support: Extended + #[serde( + default, + skip_serializing_if = "Option::is_none", + rename = "backendRequest" + )] + pub backend_request: Option, + /// Request specifies the maximum duration for a gateway to respond to an HTTP request. + /// If the gateway has not been able to respond before this deadline is met, the gateway + /// MUST return a timeout error. + /// + /// For example, setting the `rules.timeouts.request` field to the value `10s` in an + /// `HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds + /// to complete. + /// + /// Setting a timeout to the zero duration (e.g. "0s") SHOULD disable the timeout + /// completely. Implementations that cannot completely disable the timeout MUST + /// instead interpret the zero duration as the longest possible value to which + /// the timeout can be set. + /// + /// This timeout is intended to cover as close to the whole request-response transaction + /// as possible although an implementation MAY choose to start the timeout after the entire + /// request stream has been received instead of immediately after the transaction is + /// initiated by the client. + /// + /// The value of Request is a Gateway API Duration string as defined by GEP-2257. When this + /// field is unspecified, request timeout behavior is implementation-specific. + /// + /// Support: Extended + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, +} + /// Status defines the current state of HTTPRoute. #[derive(Serialize, Deserialize, Clone, Debug, JsonSchema, Default, PartialEq)] pub struct HTTPRouteStatus { @@ -2404,13 +2131,11 @@ pub struct HTTPRouteStatus { /// first sees the route and should update the entry as appropriate when the /// route or gateway is modified. /// - /// /// Note that parent references that cannot be resolved by an implementation /// of this API will not be added to this list. Implementations of this API /// can only populate Route status for the Gateways/parent resources they are /// responsible for. /// - /// /// A maximum of 32 Gateways will be represented in this list. An empty list /// means the route has not been attached to any Gateway. pub parents: Vec, @@ -2424,22 +2149,18 @@ pub struct HTTPRouteStatusParents { /// Note that the route's availability is also subject to the Gateway's own /// status conditions and listener status. /// - /// /// If the Route's ParentRef specifies an existing Gateway that supports /// Routes of this kind AND that Gateway's controller has sufficient access, /// then that Gateway's controller MUST set the "Accepted" condition on the /// Route, to indicate whether the route has been accepted or rejected by the /// Gateway, and why. /// - /// /// A Route MUST be considered "Accepted" if at least one of the Route's /// rules is implemented by the Gateway. /// - /// /// There are a number of cases where the "Accepted" condition may not be set /// due to lack of controller visibility, that includes when: /// - /// /// * The Route refers to a non-existent parent. /// * The Route is of a type that the controller does not support. /// * The Route is in a namespace the controller does not have access to. @@ -2449,15 +2170,12 @@ pub struct HTTPRouteStatusParents { /// controller that wrote this status. This corresponds with the /// controllerName field on GatewayClass. /// - /// /// Example: "example.net/gateway-controller". /// - /// /// The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are /// valid Kubernetes names /// (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). /// - /// /// Controllers MUST populate this field when writing status. Controllers should ensure that /// entries to status populated with their ControllerName are cleaned up when they are no /// longer necessary. @@ -2478,32 +2196,26 @@ pub struct HTTPRouteStatusParentsParentRef { /// To set the core API group (such as for a "Service" kind referent), /// Group must be explicitly set to "" (empty string). /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub group: Option, /// Kind is kind of the referent. /// - /// /// There are two kinds of parent resources with "Core" support: /// - /// /// * Gateway (Gateway conformance profile) /// * Service (Mesh conformance profile, ClusterIP Services only) /// - /// /// Support for other resources is Implementation-Specific. #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, /// Name is the name of the referent. /// - /// /// Support: Core pub name: String, /// Namespace is the namespace of the referent. When unspecified, this refers /// to the local namespace of the Route. /// - /// /// Note that there are specific rules for ParentRefs which cross namespace /// boundaries. Cross-namespace references are only valid if they are explicitly /// allowed by something in the namespace they are referring to. For example: @@ -2512,15 +2224,12 @@ pub struct HTTPRouteStatusParentsParentRef { /// /// /// - /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// Port is the network port this Route targets. It can be interpreted /// differently based on the type of parent resource. /// - /// /// When the parent resource is a Gateway, this targets all listeners /// listening on the specified port that also support this kind of Route(and /// select this Route). It's not recommended to set `Port` unless the @@ -2531,13 +2240,10 @@ pub struct HTTPRouteStatusParentsParentRef { /// /// /// - /// - /// /// Implementations MAY choose to support other parent resources. /// Implementations supporting other types of parent resources MUST clearly /// document how/if Port is interpreted. /// - /// /// For the purpose of status, an attachment is considered successful as /// long as the parent resource accepts it partially. For example, Gateway /// listeners can restrict which Routes can attach to them by Route kind, @@ -2546,14 +2252,12 @@ pub struct HTTPRouteStatusParentsParentRef { /// attached. If no Gateway listeners accept attachment from this Route, /// the Route MUST be considered detached from the Gateway. /// - /// /// Support: Extended #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// SectionName is the name of a section within the target resource. In the /// following resources, SectionName is interpreted as the following: /// - /// /// * Gateway: Listener name. When both Port (experimental) and SectionName /// are specified, the name and port of the selected listener must match /// both specified values. @@ -2561,12 +2265,10 @@ pub struct HTTPRouteStatusParentsParentRef { /// are specified, the name and port of the selected listener must match /// both specified values. /// - /// /// Implementations MAY choose to support attaching Routes to other resources. /// If that is the case, they MUST clearly document how SectionName is /// interpreted. /// - /// /// When unspecified (empty string), this will reference the entire resource. /// For the purpose of status, an attachment is considered successful if at /// least one section in the parent resource accepts it. For example, Gateway @@ -2576,7 +2278,6 @@ pub struct HTTPRouteStatusParentsParentRef { /// attached. If no Gateway listeners accept attachment from this Route, the /// Route MUST be considered detached from the Gateway. /// - /// /// Support: Core #[serde( default, diff --git a/gateway-api/src/apis/standard/referencegrants.rs b/gateway-api/src/apis/standard/referencegrants.rs index 64a65b7..f3cab13 100644 --- a/gateway-api/src/apis/standard/referencegrants.rs +++ b/gateway-api/src/apis/standard/referencegrants.rs @@ -1,6 +1,6 @@ // WARNING: generated by kopium - manual changes will be overwritten // kopium command: kopium --schema=derived --derive=JsonSchema --derive=Default --derive=PartialEq --docs -f - -// kopium version: 0.20.1 +// kopium version: 0.21.1 #[allow(unused_imports)] mod prelude { @@ -27,7 +27,6 @@ pub struct ReferenceGrantSpec { /// to be an additional place that references can be valid from, or to put /// this another way, entries MUST be combined using OR. /// - /// /// Support: Core pub from: Vec, /// To describes the resources that may be referenced by the resources @@ -35,7 +34,6 @@ pub struct ReferenceGrantSpec { /// additional place that references can be valid to, or to put this another /// way, entries MUST be combined using OR. /// - /// /// Support: Core pub to: Vec, } @@ -46,23 +44,18 @@ pub struct ReferenceGrantFrom { /// Group is the group of the referent. /// When empty, the Kubernetes core API group is inferred. /// - /// /// Support: Core pub group: String, /// Kind is the kind of the referent. Although implementations may support /// additional resources, the following types are part of the "Core" /// support level for this field. /// - /// /// When used to permit a SecretObjectReference: /// - /// /// * Gateway /// - /// /// When used to permit a BackendObjectReference: /// - /// /// * GRPCRoute /// * HTTPRoute /// * TCPRoute @@ -71,7 +64,6 @@ pub struct ReferenceGrantFrom { pub kind: String, /// Namespace is the namespace of the referent. /// - /// /// Support: Core pub namespace: String, } @@ -83,14 +75,12 @@ pub struct ReferenceGrantTo { /// Group is the group of the referent. /// When empty, the Kubernetes core API group is inferred. /// - /// /// Support: Core pub group: String, /// Kind is the kind of the referent. Although implementations may support /// additional resources, the following types are part of the "Core" /// support level for this field: /// - /// /// * Secret when used to permit a SecretObjectReference /// * Service when used to permit a BackendObjectReference pub kind: String, diff --git a/gateway-api/src/lib.rs b/gateway-api/src/lib.rs index 4ccac34..2b6a445 100644 --- a/gateway-api/src/lib.rs +++ b/gateway-api/src/lib.rs @@ -69,8 +69,7 @@ mod tests { .metadata .name .ok_or(Error::msg("could not find GatewayClass name"))?, - addresses: None, - listeners: vec![], + ..Default::default() }, status: None, }; diff --git a/update.sh b/update.sh index 99f6e4d..fc7a4c7 100755 --- a/update.sh +++ b/update.sh @@ -13,7 +13,7 @@ set -eoux pipefail -VERSION="v1.1.0" +VERSION="v1.2.0" STANDARD_APIS=( gatewayclasses